VYPR

mail module

by Odcms

CVEs (2)

  • CVE-2019-11783MedDec 22, 2020
    risk 0.42cvss 6.5epss 0.01

    Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited.

  • CVE-2018-15638MedDec 22, 2020
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names.