cve/2018/CVE-2018-15634.md

### [CVE-2018-15634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15634)
![](https://img.shields.io/static/v1?label=Product&message=Odoo%20Community&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Odoo%20Enterprise&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%2014.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)

### Description

Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-15634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15634)`
			`![](https://img.shields.io/static/v1?label=Product&message=Odoo%20Community&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Odoo%20Enterprise&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%2014.0%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)`

			`### Description`

			`Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`