← back
CVE-2018-15638

CVE-2018-15638

CVSS 7.1 HIGHEPSS 0.7%CWE-79
Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Affected products
Odoo · Odoo CommunityOdoo · Odoo Enterprise

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/odoo/odoo/issues/63703