Bug#1121233: Processed: retitle 1121233 to tryton-sao: CVE-2025-66421: Stored XSS Vulnerability Found in Party Field Leading to Arbitrary JavaScript Execution
Hi Mathias,

On Tue, Dec 02, 2025 at 10:02:55AM +0100, Mathias Behrle wrote:
> * Debian Bug Tracking System: " Processed: retitle 1121233 to tryton-sao:
> CVE-2025-66421: Stored XSS Vulnerability Found in Party Field Leading to
> Arbitrary JavaScript Execution" (Sun, 30 Nov 2025 06:47:01 +):
>
> JFTR:
>
> Brandon Da Costa commented:
> https://foss.heptapod.net/tryton/tryton/-/issues/14363#note_494386
>
> > @mbehrle The CVE on the official CVE publication was stated as a CVSS 5.4 but
> > the advisory stated it to be 7.3. I think that this should be updated so
> > people understand the true severity.

FTR, we do not really care about CVSS, so in fact I even did not propose
one when requesting the CVEs. I will see if I can trigger an update to
the entry by the CNA.

Regards,
Salvatore
Bug#1121233: Processed: retitle 1121233 to tryton-sao: CVE-2025-66421: Stored XSS Vulnerability Found in Party Field Leading to Arbitrary JavaScript Execution
* Debian Bug Tracking System: " Processed: retitle 1121233 to tryton-sao:
CVE-2025-66421: Stored XSS Vulnerability Found in Party Field Leading to
Arbitrary JavaScript Execution" (Sun, 30 Nov 2025 06:47:01 +):

JFTR:

Brandon Da Costa commented:
https://foss.heptapod.net/tryton/tryton/-/issues/14363#note_494386

> @mbehrle The CVE on the official CVE publication was stated as a CVSS 5.4 but
> the advisory stated it to be 7.3. I think that this should be updated so
> people understand the true severity.

-- 
Mathias Behrle
PGP/GnuPG key available from any keyserver, ID: 0xD6D09BE48405BBF6
AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6

