Vulnerabilities > Odoo > Odoo > 8.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-22 | CVE-2018-15634 | Cross-site Scripting vulnerability in Odoo Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link. | 4.3 |
| 2020-12-22 | CVE-2018-15633 | Cross-site Scripting vulnerability in Odoo 10.0/11.0/8.0 Cross-site scripting (XSS) issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames. | 4.3 |
| 2020-12-22 | CVE-2018-15632 | Improper Input Validation vulnerability in Odoo 10.0/11.0/8.0 Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials. | 8.5 |
| 2019-07-05 | CVE-2018-14733 | Improper Input Validation vulnerability in Odoo The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances. | 5.0 |
| 2019-07-03 | CVE-2018-14860 | OS Command Injection vulnerability in Odoo 10.0/11.0/8.0 Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system. | 9.0 |
| 2019-07-03 | CVE-2018-14864 | Improper Access Control vulnerability in Odoo 10.0/8.0/9.0 Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment. | 4.0 |
| 2019-05-22 | CVE-2017-5871 | Open Redirect vulnerability in Odoo 10.0/8.0/9.0 Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. | 5.8 |
| 2019-04-09 | CVE-2018-15635 | Cross-site Scripting vulnerability in Odoo Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name. | 4.3 |
| 2019-04-09 | CVE-2018-15631 | Unspecified vulnerability in Odoo Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request. | 4.0 |
| 2017-07-04 | CVE-2017-10805 | Incorrect Authorization vulnerability in Odoo 10.0/8.0/9.0 In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users. | 6.5 |