CVE-2021-26263

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-26263
Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/odoo/odoo/issues/107693 Issue Tracking Patch Vendor Advisory
https://www.debian.org/security/2023/dsa-5399
https://github.com/odoo/odoo/issues/107693 Issue Tracking Patch Vendor Advisory
https://www.debian.org/security/2023/dsa-5399
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:odoo:odoo:14.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:14.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:15.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:15.0:*:*:*:enterprise:*:*:*
History

21 Nov 2024, 05:56

Type Values Removed Values Added
References () https://github.com/odoo/odoo/issues/107693 - Issue Tracking, Patch, Vendor Advisory () https://github.com/odoo/odoo/issues/107693 - Issue Tracking, Patch, Vendor Advisory
References () https://www.debian.org/security/2023/dsa-5399 - () https://www.debian.org/security/2023/dsa-5399 -

05 May 2023, 21:15

Type Values Removed Values Added
References
  • (MISC) https://www.debian.org/security/2023/dsa-5399 -

02 May 2023, 19:53

Type Values Removed Values Added
References (MISC) https://github.com/odoo/odoo/issues/107693 - (MISC) https://github.com/odoo/odoo/issues/107693 - Issue Tracking, Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.1
CWE CWE-79
CPE cpe:2.3:a:odoo:odoo:15.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:15.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:14.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:14.0:*:*:*:enterprise:*:*:*

25 Apr 2023, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-04-25 19:15

Updated : 2024-11-21 05:56

NVD link : CVE-2021-26263

Mitre link : CVE-2021-26263

CVE.ORG link : CVE-2021-26263

JSON object : View

Products Affected

odoo

  • odoo
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')