
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator allows Stored XSS. This issue affects WP Odoo Form Integrator: from n/a through 1.1.0. The WP Odoo Form Integrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted ... • https://patchstack.com/database/wordpress/plugin/wp-odoo-form-integrator/vulnerability/wordpress-wp-odoo-form-integrator-plugin-1-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Feb 2025 — Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response) crafted attack. • https://github.com/odoo/odoo/issues/199330 • CWE-284: Improper Access Control

CVSS: 8.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Feb 2025 — Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users. • https://github.com/odoo/odoo/issues/193854 • CWE-284: Improper Access Control

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pektsekye Notify Odoo allows Stored XSS. This issue affects Notify Odoo: from n/a through 1.0.0. The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in... • https://patchstack.com/database/wordpress/plugin/notify-odoo/vulnerability/wordpress-notify-odoo-plugin-1-0-0-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 May 2024 — A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. • https://github.com/luvsn/OdZoo/tree/main/exploits/izi_data • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 May 2024 — A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model. • https://github.com/luvsn/OdZoo/tree/main/exploits/text_commander • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 0

15 Dec 2023 — SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component. • https://github.com/luvsn/OdZoo/tree/main/exploits/odoo-biometric-attendance • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

25 Apr 2023 — Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests. Several vulnerabilities were discovered in odoo, a suite of web based open source business apps. • https://github.com/odoo/odoo/issues/107695 • CWE-284: Improper Access Control • CWE-863: Incorrect Authorization

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Apr 2023 — A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to execute arbitrary code, leading to privilege escalation. • https://github.com/odoo/odoo/issues/107696 • CWE-267: Privilege Defined With Unsafe Actions

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Apr 2023 — Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link. Several vulnerabilities were discovered in odoo, a suite of web based open source business apps. • https://github.com/odoo/odoo/issues/107694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')