Arbitrary Web Script Injection via Crafted Uploaded File Names in Odoo Community and Enterprise 15.0 and Earlier
CVE-2021-45071 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names.
Learn more about our Web App Pen Testing.