VYPR

npm package

tryton-sao

pkg:npm/tryton-sao

Vulnerabilities (2)

  • CVE-2025-66421MedNov 30, 2025
    affected >= 7.5.0, < 7.6.11fixed 7.6.11

    Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69.

  • CVE-2025-66420MedNov 30, 2025
    affected >= 7.5.0, < 7.6.9fixed 7.6.9

    Tryton sao (aka tryton-sao) before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67.