Exploit for Odoo - Cross-Site Scripting (CVE-2023-1434)

Description:

Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434, which is caused by an incorrect content type being set on an API endpoint.

Nuclei Template

View the template here: CVE-2023-1434.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-1434.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-1434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1434
https://www.sonarsource.com/blog/odoo-get-your-content-type-right-or-else