Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-26947 PoC — Odoo 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-26947.yaml
Associated Vulnerability
Title:Odoo 跨站脚本漏洞 (CVE-2021-26947)
Description:Odoo是比利时Odoo公司的一套企业资源计划(ERP)和客户关系管理(CRM)系统。该系统采用Python语言开发,PostgreSQL作为数据库,并包括销售管理、库存管理、财务管理等模块。 Odoo存在安全漏洞。攻击者利用该漏洞通过设计链接在受害者的浏览器中注入任意web脚本。以下产品及版本受到影响:Odoo Community 15.0版本及之前版本,Odoo Enterprise 15.0版本及之前版本。
Description
A cross-site scripting (XSS) vulnerability in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote attackers to inject arbitrary web scripts into the browser of a victim via a crafted link. This issue could lead to the execution of malicious scripts in the context of the user's browser session.
File Snapshot

 id: CVE-2021-26947

info:
  name: Odoo <= 15.0 - Cross-Site Scripting
  author: ritikchaddha
  sever

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.