PT-2023-12546 · Odoo+1 · Odoo Enterprise+1

Published: 2023-04-25 · Updated: 2024-07-15 · CVE-2021-44461

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Odoo Enterprise versions 13.0 through 15.0

Description

The issue is a cross-site scripting (XSS) problem in the Accounting app, allowing remote attackers who can control the contents of accounting journal entries to inject arbitrary web script in a victim's browser. This can occur when an attacker manipulates the data in the accounting journal entries, which then executes in the victim's browser, potentially leading to unauthorized actions or data theft.

Recommendations

For Odoo Enterprise versions 13.0 through 15.0, update to a version that includes a fix for this issue, as using an outdated version leaves the system open to XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2023-6595
BIT-ODOO-2021-44461
CVE-2021-44461

Affected Products

Alt Linux
Odoo Enterprise