Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/odoo/odoo/issues/32502 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-03T18:51:29
Updated: 2024-08-05T09:38:13.968Z
Reserved: 2018-08-02T00:00:00
Link: CVE-2018-14864
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-07-03T19:15:10.707
Modified: 2019-07-05T18:09:50.960
Link: CVE-2018-14864
Redhat
No data.