[tryton-announces] 5.6.4

2020-06-30 Thread tryton-sao versions - Libraries.io: Libraries.io


  


5.6.4



URL: https://libraries.io/npm/tryton-sao/5.6.4







[tryton-announces] Security Release for issue9394

2020-06-30 Thread News - Tryton Discussion: ced


  


Security Release for issue9394

Synopsis
A vulnerability in sao has been found by Cédric Krier.
With issue9394, the web client does not escape the HTML tags from user data. This allows cross-site scripting attacks which can result in session hijacking, persistent phishing attacks, and persistent external redirects to a malicious source.
Impact
CVSS v3.0 Base Score: 3.5

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Workaround
There is no existing workaround.
Resolution
All affected users should upgrade sao to the latest version.
Affected versions per series:

5.6: <= 5.6.3
5.4: <= 5.4.9
5.2: <= 5.2.17
5.0: <= 5.0.25

Non affected versions per series:

5.6: >= 5.6.4
5.4: >= 5.4.10
5.2: >= 5.2.18
5.0: >= 5.0.26

Reference

issue9394

Concern?
Any security concerns should be reported on the bug-tracker at
https://bugs.tryton.org/ with the type security.

URL: https://discuss.tryton.org/t/security-release-for-issue9394/2947







[tryton-announces] Security Release for issue9405

2020-06-30 Thread News - Tryton Discussion: ced


  


Security Release for issue9405

Synopsis
A vulnerability in sao has been found by Coopengo and solved by Nicolas Évrard.
With issue 9405, the web client does not escape the HTML tags from user data in richtext widgets. This allows cross-site scripting attacks which can result in session hijacking, persistent phishing attacks, and persistent external redirects to a malicious source.
Impact
CVSS v3.0 Base Score: 4.6

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Workaround
There is no existing workaround.
Resolution
All affected users should upgrade sao to the latest version.
Affected versions per series:

5.6: <= 5.6.3
5.4: <= 5.4.9
5.2: <= 5.2.17
5.0: <= 5.0.25

Non affected versions per series:

5.6: >= 5.6.4
5.4: >= 5.4.10
5.2: >= 5.2.18
5.0: >= 5.0.26

Reference

issue9405

Concern?
Any security concerns should be reported on the bug-tracker at
https://bugs.tryton.org/ with the type security.

URL: https://discuss.tryton.org/t/security-release-for-issue9405/2948
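
The two advisories above (issue9394 and issue9405) list the same affected and fixed versions, so one check covers both. The following is an added example, not code from the Tryton project: it scans a parsed package-lock.json for the npm package tryton-sao and classifies every installed copy. The function names, the sample lock file and the project name inside it are constructed for illustration.

```javascript
// First fixed patch release per series, copied from the advisories above.
const FIRST_FIXED = { "5.6": 4, "5.4": 10, "5.2": 18, "5.0": 26 };

// Classify one exact version string: "affected", "fixed" or "unknown".
function classifySao(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(version).trim());
  if (!m) return "unknown"; // ranges, tags, pre-releases: review by hand
  const series = `${m[1]}.${m[2]}`;
  // Series the advisories do not list are reported as unknown, not as safe.
  if (!Object.prototype.hasOwnProperty.call(FIRST_FIXED, series)) return "unknown";
  return Number(m[3]) < FIRST_FIXED[series] ? "affected" : "fixed";
}

// Find every tryton-sao copy in a parsed package-lock.json object.
function findSao(lock) {
  const hits = [];
  const record = (where, meta) =>
    hits.push({ where, version: meta.version, status: classifySao(meta.version) });
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "node_modules/tryton-sao" || path.endsWith("/node_modules/tryton-sao")) {
        record(path, meta);
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = `${trail}/${name}`;
      if (name === "tryton-sao") record(where, meta);
      walk(meta.dependencies, where);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lock file (not taken from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "erp-frontend", version: "1.0.0" },
    "node_modules/tryton-sao": { version: "5.4.9" },
    "node_modules/legacy-ui/node_modules/tryton-sao": { version: "5.0.26" },
  },
};
console.log(findSao(SAMPLE_LOCK));
```

A nested copy pulled in by another dependency is reported separately, since upgrading the top-level package does not replace it.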







[tryton-announces] 5.2.17

2020-06-30 Thread tryton-sao versions - Libraries.io: Libraries.io


  


5.2.17



URL: https://libraries.io/npm/tryton-sao/5.2.17







[tryton-announces] 5.4.9

2020-06-30 Thread tryton-sao versions - Libraries.io: Libraries.io


  


5.4.9



URL: https://libraries.io/npm/tryton-sao/5.4.9







[tryton-announces] 5.4.10

2020-06-30 Thread tryton-sao versions - Libraries.io: Libraries.io


  


5.4.10



URL: https://libraries.io/npm/tryton-sao/5.4.10







[tryton-announces] 5.2.18

2020-06-30 Thread tryton-sao versions - Libraries.io: Libraries.io


  


5.2.18



URL: https://libraries.io/npm/tryton-sao/5.2.18







[tryton-announces] 5.6.3

2020-06-30 Thread tryton-sao versions - Libraries.io: Libraries.io


  


5.6.3



URL: https://libraries.io/npm/tryton-sao/5.6.3