Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2021-45071
HistoryApr 25, 2023 - 7:15 p.m.

CVE-2021-45071

2023-04-2519:15:09
Debian Security Bug Tracker
security-tracker.debian.org
5
cve-2021-45071
cross-site scripting
odoo community
odoo enterprise
remote attackers
arbitrary web script
crafted uploaded file
unix

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

42.2%

Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names.

OSVersionArchitecturePackageVersionFilename
Debian11allodoo< 14.0.0+dfsg.2-7+deb11u1odoo_14.0.0+dfsg.2-7+deb11u1_all.deb
Debian999allodoo< 16.0.0+dfsg.1-1odoo_16.0.0+dfsg.1-1_all.deb

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

42.2%