CVE-2025-14692
- EPSS 0.4%
- Veröffentlicht 14.12.2025 23:32:09
- Zuletzt bearbeitet 29.04.2026 01:00:01
A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may...
CVE-2025-14691
- EPSS 0.39%
- Veröffentlicht 14.12.2025 23:02:08
- Zuletzt bearbeitet 29.04.2026 01:00:01
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public an...
CVE-2022-47419
- EPSS 0.54%
- Veröffentlicht 07.02.2023 22:15:11
- Zuletzt bearbeitet 25.03.2025 14:15:19
An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.
CVE-2018-16405
- EPSS 1.33%
- Veröffentlicht 03.09.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:41
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS.
CVE-2018-16406
- EPSS 1.33%
- Veröffentlicht 03.09.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:41
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label.
CVE-2018-16407
- EPSS 1.21%
- Veröffentlicht 03.09.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:41
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled.
CVE-2014-3840
- EPSS 3.48%
- Veröffentlicht 27.05.2014 13:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging ...