Iamsushi

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 14.0 through 15.0 Odoo Enterprise versions 14.0 through 15.0 **Description** The issue is related to improper access control in the reporting engine, allowing remote attackers to download PDF reports for arbitrary documents via crafted requests. **Recommendations** For Odoo Community versions 14.0 through 15.0, update to a version that includes the fix for this issue. For Odoo Enterprise versions 14.0 through 15.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the reporting engine to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 14.0 through 15.0 Odoo Enterprise versions 14.0 through 15.0 **Description** The issue is a cross-site scripting (XSS) problem in the Discuss app, allowing remote attackers to inject arbitrary web script in the browser of a victim by posting crafted contents. **Recommendations** For Odoo Community versions 14.0 through 15.0, update to a version that includes a fix for this issue. For Odoo Enterprise versions 14.0 through 15.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the Discuss app until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions prior to 13.0 Odoo Enterprise versions prior to 13.0 **Description** The issue is related to improper input validation in the portal component, allowing remote attackers to trick victims into modifying their account via crafted links, leading to privilege escalation. **Recommendations** For Odoo Community versions prior to 13.0, update to version 13.0 or later to resolve the issue. For Odoo Enterprise versions prior to 13.0, update to version 13.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the portal component to minimize the risk of exploitation.