npm package
tryton-sao
pkg:npm/tryton-sao
Vulnerabilities (2)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-66421 | Med | 5.4 | | >= 7.5.0, < 7.6.11 | 7.6.11 | Nov 30, 2025 | Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69. |
| CVE-2025-66420 | Med | 5.4 | | >= 7.5.0, < 7.6.9 | 7.6.9 | Nov 30, 2025 | Tryton sao (aka tryton-sao) before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67. |