Incorrect access control in asset bundles in Odoo Community 9.0 up to and including 11.0 and previous versions and Odoo Enterprise 9.0 up to and including 11.0 and previous versions allows remote authenticated users to inject arbitrary web script via a crafted attachment.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
odoo odoo 8.0 |
||
odoo odoo 9.0 |
||
odoo odoo 10.0 |