CVE-2021-26263

Summary

Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.

Affected Software

VendorProductVersion RangeStatus
OdooOdoo Community14.0 <= 15.0affected
OdooOdoo Enterprise14.0 <= 15.0affected

Weaknesses

  • CWE-79: Cross-site Scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References