Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote malicious users to post messages on behalf of customers, and to guess document attribute values, via crafted parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
odoo odoo 9.0 |
||
odoo odoo 10.0 |