CVE-2021-44461Cross-site Scripting in Enterprise

CWE-79Cross-site Scripting2 documents2 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 38.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Odoo EnterpriseOdoo
Timeline
PublishedApr 25

Description

Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5odoo/odoo_enterprise13.015.0
NVDodoo/odoo13.015.0

🔴Vulnerability Details

1
GHSA
GHSA-hjwx-mjwp-j356: Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 132023-04-25