CVE-2020-37014

EUVD-2020-30960
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces.
Cross-site Scripting
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.4 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
| VulnCheck | CNA | 6.4 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score percentile: 15%
Debian Releases
Debian Product: tryton-sao

| Codename | Version | Status |
|---|---|---|
| bookworm | 6.0.28+ds1-2+deb12u2 | fixed |
| bookworm (security) | 6.0.28+ds1-2+deb12u2 | fixed |
| forky | 7.0.42+ds1-1 | fixed |
| sid | 7.0.42+ds1-1 | fixed |
| trixie | 7.0.28+ds1-1+deb13u2 | fixed |
| trixie (security) | 7.0.28+ds1-1+deb13u2 | fixed |