CVE-2020-37014

EUVD-2020-30960
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces.
Cross-site Scripting

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| VulnCheck | CNA | 6.4 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |

EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.

| Vendor | Product | Version | Source |
|---|---|---|---|
| tryton | tryton | ≤ 5.4 | CNA |

Debian Releases
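
| Debian Product | Codename | Version | Status |
|---|---|---|---|
| tryton-sao | bookworm | 6.0.28+ds1-2+deb12u2 | fixed |
| tryton-sao | bookworm (security) | 6.0.28+ds1-2+deb12u2 | fixed |
| tryton-sao | forky | 7.0.42+ds1-1 | fixed |
| tryton-sao | sid | 7.0.42+ds1-1 | fixed |
| tryton-sao | trixie | 7.0.28+ds1-1+deb13u2 | fixed |
| tryton-sao | trixie (security) | 7.0.28+ds1-1+deb13u2 | fixed |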