CVE-2020-37014

Name: CVE-2020-37014
Description: Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package      Release                          Version                 Status
tryton-sao (PTS)    bookworm, bookworm (security)    6.0.28+ds1-2+deb12u2    fixed
                    trixie (security), trixie        7.0.28+ds1-1+deb13u2    fixed
                    forky, sid                       7.0.42+ds1-1            fixed

The information below is based on the following data on fixed versions.

Package      Type     Release      Fixed Version   Urgency   Origin   Debian Bugs
tryton-sao   source   (unstable)   5.0.26-1

Notes

https://www.exploit-db.com/exploits/48466
https://www.vulnerability-lab.com/get_content.php?id=2233
https://discuss.tryton.org/t/security-release-for-issue9351/2772
https://foss.heptapod.net/tryton/tryton/-/issues/9351
