Nixpkgs security tracker
Untriaged
Permalink
CVE-2020-37014
6.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
Activity log
- Created suggestion
Tryton 5.4 - Persistent Cross-Site Scripting
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces.
References
-
ExploitDB-48466 exploit
-
Official Tryton Homepage product
-
Tryton Download Page product
-
Vulnerability Lab Advisory third-party-advisory
-
VulnCheck Advisory: Tryton 5.4 - Persistent Cross-Site Scripting third-party-advisory
Affected products
Tryton
- =<5.4
Matching in nixpkgs
pkgs.tryton
Client of the Tryton application platform
pkgs.trytond
Server of the Tryton application platform
pkgs.python312Packages.trytond
Server of the Tryton application platform
Package maintainers
-
@johbo Johannes Bornhold <johannes@bornhold.name>
-
@udono Udo Spallek <udono@virtual-things.biz>