Odoo Odoo Community
32 CVEs affecting Odoo Odoo Community. Latest disclosed: 2025-02-25. Critical: 1, High: 16.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-29396 | Critical | 9.9 | 2020-12-22 | A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticate… |
CVE-2021-44547 | High | 8.7 | 2023-04-25 | A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalat… |
CVE-2021-23186 | High | 8.7 | 2023-04-25 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database co… |
CVE-2021-23166 | High | 8.7 | 2023-04-25 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on… |
CVE-2018-15632 | High | 8.2 | 2020-12-22 | Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initia… |
CVE-2024-12368 | High | 8.1 | 2025-02-25 | Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other us… |
CVE-2018-15645 | High | 8.1 | 2020-12-22 | Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create… |
CVE-2019-11780 | High | 8.1 | 2019-12-19 | Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to… |
CVE-2024-36259 | High | 7.5 | 2025-02-25 | Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote authenticated attackers to extract sensitive information v… |
CVE-2021-23203 | High | 7.5 | 2023-04-25 | Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF… |
CVE-2021-26263 | High | 7.5 | 2023-04-25 | Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject a… |
CVE-2021-23178 | High | 7.5 | 2023-04-25 | Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized p… |
CVE-2021-44460 | High | 7.4 | 2023-04-25 | Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system wit… |
CVE-2021-45111 | High | 7.1 | 2023-04-25 | Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of de… |
CVE-2018-15638 | High | 7.1 | 2020-12-22 | Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbi… |
CVE-2018-15634 | High | 7.1 | 2020-12-22 | Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to i… |
CVE-2018-15633 | High | 7.1 | 2020-12-22 | Cross-site scripting (XSS) issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to injec… |
CVE-2021-44476 | Medium | 6.8 | 2023-04-25 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the serve… |
CVE-2021-26947 | Medium | 6.5 | 2023-04-25 | Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script i… |
CVE-2021-44775 | Medium | 6.5 | 2023-04-25 | Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbi… |