Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
GHSA-p3p5-xrmv-4j6x: Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor....
Tryton trytond 6.0 before 7.6.11 fails to enforce access rights for the HTML editor route, potentially leading to unauthorized access or remote code execution (RCE).