Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:41097
HistoryJul 02, 2023 - 5:14 a.m.

Cross-site Scripting (XSS)

2023-07-0205:14:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
cross-site scripting
xss
arbitrary web script
uploaded file names

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

42.2%

odoo is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the binary field widget which allows an attackers to inject arbitrary web script via crafted uploaded file names.

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

42.2%