{"containers": {"cna": {"affected": [{"product": "Odoo Community", "vendor": "Odoo", "versions": [{"lessThanOrEqual": "12.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Odoo Enterprise", "vendor": "Odoo", "versions": [{"lessThanOrEqual": "12.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-09T15:41:20.000Z", "orgId": "22c90092-d340-4fb8-a06e-f1193e012523", "shortName": "odoo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/odoo/odoo/issues/32515"}], "source": {"advisory": "ODOO-SA-2018-11-28-2", "discovery": "EXTERNAL"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@odoo.com", "ID": "CVE-2018-15635", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Odoo Community", "version": {"version_data": [{"version_affected": "<=", "version_value": "12.0"}]}}, {"product_name": "Odoo Enterprise", "version": {"version_data": [{"version_affected": "<=", "version_value": "12.0"}]}}]}, "vendor_name": "Odoo"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/odoo/odoo/issues/32515", "refsource": "MISC", "url": "https://github.com/odoo/odoo/issues/32515"}]}, "source": {"advisory": "ODOO-SA-2018-11-28-2", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:01:54.167Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/odoo/odoo/issues/32515"}]}]}, "cveMetadata": {"assignerOrgId": "22c90092-d340-4fb8-a06e-f1193e012523", "assignerShortName": "odoo", "cveId": "CVE-2018-15635", "datePublished": "2019-04-09T15:41:20.000Z", "dateReserved": "2018-08-21T00:00:00.000Z", "dateUpdated": "2024-08-05T10:01:54.167Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:*", "matchCriteriaId": "A958BCBB-C656-44A5-A9A9-66A66AEA67A0", "versionEndIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "059733D6-977F-4731-BA24-36F6F50F76AB", "versionEndIncluding": "12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name."}, {"lang": "es", "value": "La vulnerabilidad de tipo Cross-site scripting en la aplicaci\u00f3n Discuss de Odoo Community versi\u00f3n 12.0 y anteriores, y Odoo Enterprise versi\u00f3n 12.0 y anteriores, permite a los atacantes remotos inyectar un script web arbitrario en el navegador de un usuario interno del sistema enga\u00f1\u00e1ndolos para que inviten a un seguidor de un documento con un nombre creado."}], "id": "CVE-2018-15635", "lastModified": "2024-11-21T03:51:12.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "security@odoo.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-09T16:29:01.130", "references": [{"source": "security@odoo.com", "tags": ["Third Party Advisory"], "url": "https://github.com/odoo/odoo/issues/32515"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/odoo/odoo/issues/32515"}], "sourceIdentifier": "security@odoo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@odoo.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}