CVE-2021-26263

MEDIUM6.1EPSS 0.19%

Published: 4/25/2023Modified: 4/28/2026

Description

Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.

Affected packages (2)

Bitnami/odoo>= 14.0.0, < 14.0.1, >= 15.0.0, < 15.0.1
Debian/odoofrom 0, < 14.0.0+dfsg.2-7+deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (4)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-26263
WEBhttps://github.com/odoo/odoo/issues/107693
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-26263
WEBhttps://www.debian.org/security/2023/dsa-5399