Cross-site Scripting Vulnerability in Odoo Community and Enterprise Applications
CVE-2021-44775

6.5MEDIUM

Key Information:

Vendor: Odoo
Status: Odoo Community; Odoo Enterprise
Vendor: CVE Published:; 25 April 2023

What is CVE-2021-44775?

A cross-site scripting vulnerability exists in the web applications of Odoo Community version 15.0 and earlier, as well as Odoo Enterprise version 15.0 and earlier. This issue permits remote attackers to inject malicious web scripts into victim browsers by exploiting crafted content. Such an exploit can lead to the execution of unauthorized scripts, compromising user data and application integrity, making it critical for users to implement proper security measures.

Affected Version(s)

Odoo Community 0 <= 15.0

Odoo Enterprise 0 <= 15.0

References

https://github.com/odoo/odoo/issues/107691

https://www.debian.org/security/2023/dsa-5399

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2023
Vulnerability Reserved
Dec 28, 2021

Credit

Holger Brunn