Subash Sn

Name of the Vulnerable Software and Affected Versions: Odoo Community versions 13.0 and earlier Odoo Enterprise versions 13.0 and earlier Description: The issue allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names in the mail module. This is a cross-site scripting (XSS) issue. Recommendations: For Odoo Community versions 13.0 and earlier, update to a version later than 13.0 to resolve the issue. For Odoo Enterprise versions 13.0 and earlier, update to a version later than 13.0 to resolve the issue. As a temporary workaround, consider restricting access to the mail module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions prior to 13.0 Odoo Enterprise versions prior to 13.0 **Description** The issue allows remote attackers to inject arbitrary web script in the browser of an internal user by tricking them into inviting a follower on a document with a crafted name. This is a cross-site scripting issue in the Discuss App. **Recommendations** For Odoo Community versions prior to 13.0, update to version 13.0 or later to resolve the issue. For Odoo Enterprise versions prior to 13.0, update to version 13.0 or later to resolve the issue.