tryton trytond CVE 漏洞(10)

CVE 數: 10 CPE versions: View versions table

摘要

本頁列出影響 tryton trytond 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。

顯示 11010 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2020-37014 Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces. [email protected] 5.1 0.31% 2026-01-30 2026-06-16
CVE-2025-66424 Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. [email protected] 6.5 0.20% 2025-11-29 2026-06-17
CVE-2025-66423 Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. [email protected] 7.1 0.19% 2025-11-29 2026-06-17
CVE-2025-66422 Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. [email protected] 4.3 0.25% 2025-11-29 2026-06-17
CVE-2022-26662 An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server. [email protected] 7.5 1.88% 2022-03-10 2026-06-17
CVE-2022-26661 An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system. [email protected] 6.5 1.37% 2022-03-10 2026-06-17
CVE-2012-2238 trytond 2.4: ModelView.button fails to validate authorization [email protected] 7.5 1.76% 2019-11-21 2026-06-16
CVE-2019-10868 In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values. [email protected] 6.5 1.28% 2019-04-04 2026-06-16
CVE-2015-0861 model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records. [email protected] 4.3 1.15% 2016-04-13 2026-06-16
CVE-2012-0215 model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call. [email protected] 5.5 1.97% 2012-07-12 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence