Description

Odoo is vulnerable to an XSS vulnerability (cross-site scripting) due to an incorrect content type set on an API endpoint.

Remediation

Upgrade to the latest version of Odoo

References

Get Your Content Type Right or Else

Related Vulnerabilities

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3056)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Scripting (4.0.4)

phpBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1627)

MySQL CVE-2014-4207 Vulnerability (CVE-2014-4207)

Joomla Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2007-4190)

Severity

Medium

Classification

CVE-2023-1434 CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L

Tags

XSS Known Vulnerabilities