CVE-2021-44461: XSS
First published: Tue Apr 25 2023(Updated: )
Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim.
Credit: security@odoo.com security@odoo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | >=13.0<=15.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-44461?
CVE-2021-44461 is a cross-site scripting (XSS) vulnerability in the Accounting app of Odoo Enterprise 13.0 through 15.0.
How does CVE-2021-44461 affect Odoo Enterprise?
CVE-2021-44461 allows remote attackers to inject arbitrary web script in the browser of a victim by controlling the contents of accounting journal entries.
What is the severity of CVE-2021-44461?
The severity of CVE-2021-44461 is medium, with a CVSS score of 6.1.
How can I fix CVE-2021-44461 in Odoo Enterprise?
To fix CVE-2021-44461, update Odoo Enterprise to a version higher than 15.0 or apply the appropriate patch provided by the vendor.
Where can I find more information about CVE-2021-44461?
You can find more information about CVE-2021-44461 on the GitHub issue: https://github.com/odoo/odoo/issues/107686
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/13.0
- version/odoo odoo/15.0