CVE-2021-26263 HIGH

CVE-2021-26263

Vendor Odoo

Product Odoo Community

Weakness CWE-79 · XSS

Published April 25, 2023

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.

Key dates

02Disclosure timeline

April 25, 2023 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-26263 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-2186 Simple Post Notes < 1.7.6 - Admin+ Stored Cross-Site Scripting CVE-2026-6256 Credits Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute CVE-2023-47690 WordPress Additional Order Filters for WooCommerce Plugin <= 1.10 is vulnerable to Cross Site Scripting (XSS) CVE-2024-13238 Typogrify - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-002 CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting

Identifiers

CVE CVE-2021-26263

CWE CWE-79

CVSS 7.5 / HIGH

Affected versions

Vendor Odoo

Product Odoo Community

Affected ≥ 14.0 and ≤ 15.0

Vendor Odoo

Product Odoo Enterprise

Affected ≥ 14.0 and ≤ 15.0