CVE-2021-26263: XSS
First published: Tue Apr 25 2023(Updated: )
Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.
Credit: security@odoo.com security@odoo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | =14.0 | |
| Odoo Odoo | =14.0 | |
| Odoo Odoo | =15.0 | |
| Odoo Odoo | =15.0 | |
| debian/odoo | 14.0.0+dfsg.2-7+deb11u1 16.0.0+dfsg.2-1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-26263?
The severity of CVE-2021-26263 is high.
How does CVE-2021-26263 affect Odoo Community?
CVE-2021-26263 affects Odoo Community versions 14.0 and 15.0.
How does CVE-2021-26263 affect Odoo Enterprise?
CVE-2021-26263 affects Odoo Enterprise versions 14.0 and 15.0.
What is the impact of CVE-2021-26263?
CVE-2021-26263 allows remote attackers to inject arbitrary web script in the browser of a victim through the Discuss app of Odoo.
How can I fix CVE-2021-26263?
To fix CVE-2021-26263, update to Odoo Community 16.0.0+dfsg.2-1.1 or apply the necessary security updates from Debian.
- collector/nvd-index
- collector/security-tracker-debian
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/14.0
- version/odoo odoo/15.0
- package-manager/debian