OVAL

DSA-5399-1 odoo -- odoo

ID: oval:org.secpod.oval:def:610537
Date: (C)2023-05-12   (M)2023-05-12
Class: PATCH
Family: unix




Several vulnerabilities were discovered in odoo, a suite of web-based open source business apps.

CVE-2021-44775, CVE-2021-26947, CVE-2021-45071, CVE-2021-26263: XSS allowing remote attacker to inject arbitrary commands.
CVE-2021-45111: Incorrect access control allowing authenticated remote user to create user accounts and access restricted data.
CVE-2021-44476, CVE-2021-23166: Incorrect access control allowing authenticated remote administrator to access local files on the server.
CVE-2021-23186: Incorrect access control allowing authenticated remote administrator to modify database contents of other tenants.
CVE-2021-23178: Incorrect access control allowing authenticated remote user to use another user's payment method.
CVE-2021-23176: Incorrect access control allowing authenticated remote user to access accounting information.
CVE-2021-23203: Incorrect access control allowing authenticated remote user to access arbitrary documents via PDF exports.

Platform:
Debian 11.x
Product:
odoo-14
Reference:
DSA-5399-1
CVE-2021-23166
CVE-2021-23176
CVE-2021-23178
CVE-2021-23186
CVE-2021-23203
CVE-2021-26263
CVE-2021-26947
CVE-2021-44476
CVE-2021-44775
CVE-2021-45071
CVE-2021-45111

© SecPod Technologies