Ecosystem	Package	Version

Vulnerabilities

CVE-2025-66420

CVE-2025-66420

Tryton sao (aka tryton-sao) before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67.

Published Dec 2, 2025

https://github.com/advisories/GHSA-xhgv-99mj-8m2x

CVSS ScoreMedium

6.2

Ecosystem	Package	Version


npm	tryton-sao	6.0.0
npm	tryton-sao	6.0.10
npm	tryton-sao	6.0.11
npm	tryton-sao	6.0.12
npm	tryton-sao	6.0.13
npm	tryton-sao	6.0.14
npm	tryton-sao	6.0.15
npm	tryton-sao	6.0.16
npm	tryton-sao	6.0.17
npm	tryton-sao	6.0.18
npm	tryton-sao	6.0.19
npm	tryton-sao	6.0.1
npm	tryton-sao	6.0.20
npm	tryton-sao	6.0.21
npm	tryton-sao	6.0.22
npm	tryton-sao	6.0.23
npm	tryton-sao	6.0.24
npm	tryton-sao	6.0.25
npm	tryton-sao	6.0.26
npm	tryton-sao	6.0.27
npm	tryton-sao	6.0.28
npm	tryton-sao	6.0.29
npm	tryton-sao	6.0.2
npm	tryton-sao	6.0.30
npm	tryton-sao	6.0.31
npm	tryton-sao	6.0.32
npm	tryton-sao	6.0.33
npm	tryton-sao	6.0.34
npm	tryton-sao	6.0.35
npm	tryton-sao	6.0.36
npm	tryton-sao	6.0.37
npm	tryton-sao	6.0.38
npm	tryton-sao	6.0.39
npm	tryton-sao	6.0.3
npm	tryton-sao	6.0.40
npm	tryton-sao	6.0.41
npm	tryton-sao	6.0.42
npm	tryton-sao	6.0.43
npm	tryton-sao	6.0.44
npm	tryton-sao	6.0.45
npm	tryton-sao	6.0.46
npm	tryton-sao	6.0.47
npm	tryton-sao	6.0.48
npm	tryton-sao	6.0.49
npm	tryton-sao	6.0.4
npm	tryton-sao	6.0.50
npm	tryton-sao	6.0.51
npm	tryton-sao	6.0.52
npm	tryton-sao	6.0.53
npm	tryton-sao	6.0.54

CVE-2025-66420 | Components Impacted | Sonatype Guide | Sonatype Guide