CVE-2025-66420

Summary

Tryton sao (aka tryton-sao) before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67.

Affected Software

VendorProductVersion RangeStatus
Trytonsao0 < 6.0.67affected
Trytonsao7.0.0 < 7.0.38affected
Trytonsao7.1.0 < 7.4.19affected
Trytonsao7.5.0 < 7.6.9affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References