{"url":"http://public2.vulnerablecode.io/api/packages/106122?format=json","purl":"pkg:deb/debian/tryton-sao@7.0.28%2Bds1-1%2Bdeb13u2?distro=trixie","type":"deb","namespace":"debian","name":"tryton-sao","version":"7.0.28+ds1-1+deb13u2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.0.26-1","latest_non_vulnerable_version":"7.0.47+ds1-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94918?format=json","vulnerability_id":"VCID-6fte-gr6j-tbcn","summary":"Tryton sao (aka tryton-sao) before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66420","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06995","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66420"},{"reference_url":"https://foss.heptapod.net/tryton/tryton/-/issues/14290","reference_id":"14290","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:09Z/"}],"url":"https://foss.heptapod.net/tryton/tryton/-/issues/14290"},{"reference_url":"https://discuss.tryton.org/t/security-release-for-issue-14290/8895","reference_id":"8895","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:09Z/"}],"url":"https://discuss.tryton.org/t/security-release-for-issue-14290/8895"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66420","reference_id":"CVE-2025-66420","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66420"},{"reference_url":"https://github.com/advisories/GHSA-xhgv-99mj-8m2x","reference_id":"GHSA-xhgv-99mj-8m2x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhgv-99mj-8m2x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/106123?format=json","purl":"pkg:deb/debian/tryton-sao@6.0.28%2Bds1-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@6.0.28%252Bds1-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106119?format=json","purl":"pkg:deb/debian/tryton-sao@6.0.28%2Bds1-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@6.0.28%252Bds1-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106125?format=json","purl":"pkg:deb/debian/tryton-sao@7.0.28%2Bds1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@7.0.28%252Bds1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106122?format=json","purl":"pkg:deb/debian/tryton-sao@7.0.28%2Bds1-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@7.0.28%252Bds1-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106124?format=json","purl":"pkg:deb/debian/tryton-sao@7.0.38%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@7.0.38%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106121?format=json","purl":"pkg:deb/debian/tryton-sao@7.0.47%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@7.0.47%252Bds1-2%3Fdistro=trixie"}],"aliases":["CVE-2025-66420","GHSA-xhgv-99mj-8m2x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fte-gr6j-tbcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94870?format=json","vulnerability_id":"VCID-saxw-hvsf-ckfk","summary":"Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66421","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06995","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66421"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121233","reference_id":"1121233","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121233"},{"reference_url":"https://foss.heptapod.net/tryton/tryton/-/issues/14363","reference_id":"14363","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:17Z/"}],"url":"https://foss.heptapod.net/tryton/tryton/-/issues/14363"},{"reference_url":"https://discuss.tryton.org/t/security-release-for-issue-14363/8951","reference_id":"8951","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:17Z/"}],"url":"https://discuss.tryton.org/t/security-release-for-issue-14363/8951"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66421","reference_id":"CVE-2025-66421","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66421"},{"reference_url":"https://github.com/advisories/GHSA-6qj9-2g9m-29x9","reference_id":"GHSA-6qj9-2g9m-29x9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6qj9-2g9m-29x9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/106119?format=json","purl":"pkg:deb/debian/tryton-sao@6.0.28%2Bds1-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@6.0.28%252Bds1-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106122?format=json","purl":"pkg:deb/debian/tryton-sao@7.0.28%2Bds1-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@7.0.28%252Bds1-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106126?format=json","purl":"pkg:deb/debian/tryton-sao@7.0.40%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@7.0.40%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106121?format=json","purl":"pkg:deb/debian/tryton-sao@7.0.47%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@7.0.47%252Bds1-2%3Fdistro=trixie"}],"aliases":["CVE-2025-66421","GHSA-6qj9-2g9m-29x9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-saxw-hvsf-ckfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153040?format=json","vulnerability_id":"VCID-tr9a-w6gd-rkck","summary":"Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-37014","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23828","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-37014"},{"reference_url":"https://www.exploit-db.com/exploits/48466","reference_id":"48466","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-30T16:31:50Z/"}],"url":"https://www.exploit-db.com/exploits/48466"},{"reference_url":"https://www.tryton.org/download","reference_id":"download","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-30T16:31:50Z/"}],"url":"https://www.tryton.org/download"},{"reference_url":"https://www.vulnerability-lab.com/get_content.php?id=2233","reference_id":"get_content.php?id=2233","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-30T16:31:50Z/"}],"url":"https://www.vulnerability-lab.com/get_content.php?id=2233"},{"reference_url":"https://www.vulncheck.com/advisories/tryton-persistent-cross-site-scripting","reference_id":"tryton-persistent-cross-site-scripting","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-30T16:31:50Z/"}],"url":"https://www.vulncheck.com/advisories/tryton-persistent-cross-site-scripting"},{"reference_url":"https://www.tryton.org/","reference_id":"www.tryton.org","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-30T16:31:50Z/"}],"url":"https://www.tryton.org/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/106120?format=json","purl":"pkg:deb/debian/tryton-sao@5.0.26-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@5.0.26-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106119?format=json","purl":"pkg:deb/debian/tryton-sao@6.0.28%2Bds1-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@6.0.28%252Bds1-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106122?format=json","purl":"pkg:deb/debian/tryton-sao@7.0.28%2Bds1-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@7.0.28%252Bds1-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106121?format=json","purl":"pkg:deb/debian/tryton-sao@7.0.47%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@7.0.47%252Bds1-2%3Fdistro=trixie"}],"aliases":["CVE-2020-37014"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tr9a-w6gd-rkck"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-sao@7.0.28%252Bds1-1%252Bdeb13u2%3Fdistro=trixie"}