Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-45071
HistoryApr 25, 2023 - 12:00 a.m.

CVE-2021-45071

2023-04-2500:00:00
ubuntu.com
ubuntu.com
9
cve-2021-45071
cross-site scripting
odoo community 15.0
odoo enterprise 15.0
remote attackers
crafted uploaded file names
unix

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

42.2%

Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo
Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary
web script in the browser of a victim, via crafted uploaded file names.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchodoo< anyUNKNOWN
ubuntu24.04noarchodoo< anyUNKNOWN

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

42.2%