Vulnerabilities > Tryton > Trytond > 5.0.4

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-26661 XXE vulnerability in multiple products
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1.
network
low complexity
tryton debian CWE-611
6.5
6.5
2022-03-10 CVE-2022-26662 XML Entity Expansion vulnerability in multiple products
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1.
network
low complexity
tryton debian CWE-776
7.5
7.5
2019-04-05 CVE-2019-10868 Missing Authorization vulnerability in multiple products
In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right.
network
low complexity
tryton debian CWE-862
6.5
6.5