CVE-2020-37014

Name of the Vulnerable Software and Affected Versions Tryton version 5.4

Description Tryton 5.4 contains a persistent cross-site scripting issue in the user profile name input. This allows remote attackers to inject malicious scripts. Attackers can exploit this by inserting script payloads in the name field, which execute in both the frontend and backend user interfaces.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.