Nixpkgs Security Tracker

Permalink CVE-2020-37014

6.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 1 month, 2 weeks ago by @jopejoe1 Activity log

Created automatic suggestion 1 month, 3 weeks ago
@jopejoe1 removed package tryton 1 month, 2 weeks ago
@jopejoe1 dismissed 1 month, 2 weeks ago

Tryton 5.4 - Persistent Cross-Site Scripting

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces.

References

ExploitDB-48466 exploit
Official Tryton Homepage product
Tryton Download Page product
Vulnerability Lab Advisory third-party-advisory
VulnCheck Advisory: Tryton 5.4 - Persistent Cross-Site Scripting third-party-advisory

Affected products

Tryton

=<5.4

Matching in nixpkgs

pkgs.trytond

Server of the Tryton application platform

nixos-unstable 7.6.7
- nixpkgs-unstable 7.6.7
- nixos-unstable-small 7.6.7

pkgs.python312Packages.trytond

Server of the Tryton application platform

nixos-unstable 7.6.7
- nixpkgs-unstable 7.6.7
- nixos-unstable-small 7.6.7

pkgs.python313Packages.trytond

Server of the Tryton application platform

nixos-unstable 7.6.7
- nixpkgs-unstable 7.6.7
- nixos-unstable-small 7.6.7

Package maintainers

@udono Udo Spallek <udono@virtual-things.biz>
@johbo Johannes Bornhold <johannes@bornhold.name>

Current stable was never impacted

https://github.com/NixOS/nixpkgs/commit/218c8509c6ce25945c2c253d15e9542033d4de44

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.trytond

pkgs.python312Packages.trytond

pkgs.python313Packages.trytond

Package maintainers