Hi Mathias,

On Tue, Dec 02, 2025 at 10:02:55AM +0100, Mathias Behrle wrote:
> * Debian Bug Tracking System: "Processed: retitle 1121233 to tryton-sao:
>   CVE-2025-66421: Stored XSS Vulnerability Found in Party Field Leading to
>   Arbitrary JavaScript Execution" (Sun, 30 Nov 2025 06:47:01 +0000):
>
> JFTR:
>
> Brandon Da Costa commented:
> https://foss.heptapod.net/tryton/tryton/-/issues/14363#note_494386
>
> > @mbehrle The CVE on the official CVE publication was stated as a CVSS 5.4 but
> > the advisory stated it to be 7.3. I think that this should be updated so
> > people understand the true severity.

FTR, we do not really care about CVSS, so in fact I did not even propose one
when requesting the CVEs. I will see if I can trigger an update to the entry
by the CNA.

Regards,
Salvatore

