CVE-2025-66421 MEDIUM

CVE-2025-66421

Vendor Tryton
Product sao
Weakness CWE-79 · XSS
Published November 30, 2025
Last update December 1, 2025
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69.

Key dates

02Disclosure timeline

November 30, 2025 CVE published
December 1, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-26034 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2021-24239 Pie Register < 3.7.0.1 - Reflected Cross-Site Scripting (XSS) CVE-2024-7948 SourceCodester Accounts Manager App Update Account Page update-account.php cross site scripting CVE-2026-3241 Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block. CVE-2022-0662 Adrotate < 5.8.23 - Admin+ XSS via Advert Name