CVE-2021-44775

Description

Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.

How to fix CVE-2021-44775

To remediate CVE-2021-44775, upgrade the affected package to a fixed version below.

Bitnami/odoo—upgrade to 15.0.1 or later
Debian/odoo—upgrade to 14.0.0+dfsg.2-7+deb11u1 or later

Is CVE-2021-44775 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 15.0.1
from 0, < 14.0.0+dfsg.2-7+deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (4)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-44775
WEBgithub.com/odoo/odoo/issues/107691
WEBnvd.nist.gov/vuln/detail/CVE-2021-44775
WEBwww.debian.org/security/2023/dsa-5399