CVE-2018-15634
CVSS 3.1: 6.1 MEDIUM
EPSS: 0.29%
Description
A cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.
How to fix CVE-2018-15634
To remediate CVE-2018-15634, upgrade the affected package to the fixed version listed below.
- Debian/odoo: upgrade to 14.0.0+dfsg.2-1 or later
Is CVE-2018-15634 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/odoo: from 0, < 14.0.0+dfsg.2-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |