Lucene search
K

358 matches found

RedhatCVE
RedhatCVE
added 2025/12/01 2:16 p.m.5 views

CVE-2025-66423

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

7.1CVSS6.7AI score0.00196EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2025/12/01 12:0 a.m.4 views

Debian: Security Advisory (DLA-4388-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.8AI score0.00251EPSS
Exploits1References2
Snyk
Snyk
added 2025/11/30 3:41 a.m.3 views

Cross-site Scripting (XSS)

Overview tryton-sao is a Tryton webclient Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search completion process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is not properly escaped...

5.4CVSS5.3AI score0.00144EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/30 3:39 a.m.2 views

Cross-site Scripting (XSS)

Overview tryton-sao is a Tryton webclient Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML element used to display the documents. An attacker can execute arbitrary JavaScript code in the context of the user's browser by uploading a crafted HTML file as an...

8.7CVSS5.3AI score0.00144EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/11/30 3:30 a.m.6 views

Tryton sao allows XSS because it does not escape completion values

Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...

5.4CVSS6.3AI score0.00144EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/30 3:30 a.m.5 views

Tryton sao allows XSS via an HTML attachment

Tryton sao aka tryton-sao before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67...

5.4CVSS6.1AI score0.00144EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/11/30 3:30 a.m.4 views

GHSA-XHGV-99MJ-8M2X Tryton sao allows XSS via an HTML attachment

Tryton sao aka tryton-sao before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67...

5.4CVSS6AI score0.00144EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/30 3:30 a.m.7 views

EUVD-2025-199919

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back server setup information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

4.3CVSS6.2AI score0.00251EPSS
Exploits1References3
EUVD
EUVD
added 2025/11/30 3:30 a.m.5 views

EUVD-2025-199921

Tryton sao aka tryton-sao before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67...

5.4CVSS5.5AI score0.00144EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/30 3:30 a.m.8 views

EUVD-2025-199920

Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References3
OSV
OSV
added 2025/11/30 3:30 a.m.5 views

GHSA-6QJ9-2G9M-29X9 Tryton sao allows XSS because it does not escape completion values

Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...

5.4CVSS6.2AI score0.00144EPSS
Exploits0References4
NVD
NVD
added 2025/11/30 3:15 a.m.10 views

CVE-2025-66421

Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...

5.4CVSS0.00144EPSS
Exploits0References2
OSV
OSV
added 2025/11/30 3:15 a.m.4 views

DEBIAN-CVE-2025-66421

Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...

5.4CVSS5.1AI score0.00144EPSS
Exploits0References1
NVD
NVD
added 2025/11/30 3:15 a.m.6 views

CVE-2025-66422

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back server setup information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

4.3CVSS0.00251EPSS
Exploits1References2
OSV
OSV
added 2025/11/30 3:15 a.m.3 views

DEBIAN-CVE-2025-66420

Tryton sao aka tryton-sao before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67...

5.4CVSS5.1AI score0.00144EPSS
Exploits0References1
NVD
NVD
added 2025/11/30 3:15 a.m.8 views

CVE-2025-66420

Tryton sao aka tryton-sao before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67...

5.4CVSS0.00144EPSS
Exploits0References2
OSV
OSV
added 2025/11/30 3:15 a.m.5 views

UBUNTU-CVE-2025-66422

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back server setup information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

4.3CVSS5.8AI score0.00251EPSS
Exploits1References4
OSV
OSV
added 2025/11/30 3:15 a.m.3 views

UBUNTU-CVE-2025-66424

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

6.5CVSS5.8AI score0.00208EPSS
Exploits0References4
OSV
OSV
added 2025/11/30 3:15 a.m.2 views

UBUNTU-CVE-2025-66420

Tryton sao aka tryton-sao before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References4
OSV
OSV
added 2025/11/30 3:15 a.m.3 views

UBUNTU-CVE-2025-66421

Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References5
Rows per page
Query Builder