Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-44461

Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim.

Published

2023-04-25T19:15:09.670

Last Modified

2024-11-21T06:31:01.323

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	odoo	odoo	≤ 15.0	Yes

References

https://github.com/odoo/odoo/issues/107686 Issue Tracking, Vendor Advisory ([email protected])
https://github.com/odoo/odoo/issues/107686 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)