8 matches found
EUVD-2025-199918
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...
CVE-2025-66422
Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back server setup information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...
PT-2025-48378
Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...
CVE-2025-66423
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...
CVE-2023-47185
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions...
WordPress Link Library Plugin <= 7.6.11 is vulnerable to Cross Site Scripting (XSS)
Software: Link Library; Type: Plugin; Vulnerable versions: <= 7.6.11; Fixed in: 7.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4281; Patch priority: Low; CVSS severity: Low (6.5); PSID: abed5ec79423; Credits: Krzysztof Zając; Required...
Atlassian Jira 7.6.0 < 7.6.11 XSS in the Labels Widget Gadget
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.6.x prior to 7.6.11 or 7.7.x prior to 7.13.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross...
Atlassian Jira 7.7.0 < 7.13.1 XSS in the Labels Widget Gadget
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.6.x prior to 7.6.11 or 7.7.x prior to 7.13.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross...