WEB APPLICATION VULNERABILITIES Standard & Premium

Odoo XSS (CVE-2023-1434)

Description

Odoo is vulnerable to an XSS vulnerability (cross-site scripting) due to an incorrect content type set on an API endpoint.

Remediation

Upgrade to the latest version of Odoo

References

Get Your Content Type Right or Else

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2005-1496)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2010-3933)

phpMyFAQ Improper Access Control Vulnerability (CVE-2024-22202)

Oracle Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2004-1367)

WordPress Plugin WBW Currency Switcher for WooCommerce Cross-Site Scripting (1.6.5)

Severity

Medium

Classification

CVE-2023-1434 CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L

Tags

XSS Known Vulnerabilities