94 matches found
PT-2022-23684 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin version 1.995 Usermin versions through 1.850 Description: The issue allows for cross-site scripting XSS attacks via a crafted HTML e-mail message. This occurs in the Read Mail module of the affected software. Recommendations: For Webmi...
Information Disclosure
odoo is vulnerable to information disclosure. Insecure access controls in mail module notifications allows remote authenticated users to obtain access to arbitrary messages in conversations that are otherwise restricted...
Odoo Cross-Site Scripting Vulnerability (CNVD-2020-74056)
Odoo is an open source enterprise management suite , its features cover CRM, sales, purchasing, inventory management , manufacturing , quality management , HR full-featured , financial management , project management , PLM and a series of perfect enterprise information needs . A cross-site...
CVE-2019-11785
Improper access control in mail module followers in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages...
CVE-2019-11783
Improper access control in mail module channel partners in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited...
CVE-2019-11784
Improper access control in mail module notifications in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to...
CVE-2019-11785
Improper access control in mail module followers in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages...
DEBIAN-CVE-2019-11783
Improper access control in mail module channel partners in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited...
DEBIAN-CVE-2019-11784
Improper access control in mail module notifications in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to...
CVE-2019-11783
Improper access control in mail module channel partners in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited...
CVE-2018-15638
Cross-site scripting XSS issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names...
CVE-2019-11784
Improper access control in mail module notifications in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to...
CVE-2019-11785
Improper access control in mail module followers in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages...
Improper access control
Improper access control in mail module channel partners in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited...
Improper access control
Improper access control in mail module followers in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages...
Improper access control
Improper access control in mail module notifications in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to...
Cross site scripting
Cross-site scripting XSS issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names...
CVE-2019-11785
CVE-2019-11785 affects Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, due to improper access control in the mail module (followers). This allows remote authenticated users to access messages on business records they shouldn’t access and to subscribe to future messages. Conn...
CVE-2019-11785
Improper access control in mail module followers in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages...
CVE-2019-11785
Improper access control in mail module followers in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages...