CVE-2025-14692
- EPSS 0.15%
- Veröffentlicht 14.12.2025 23:32:09
- Zuletzt bearbeitet 05.03.2026 19:26:55
A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may...
CVE-2025-14691
- EPSS 0.1%
- Veröffentlicht 14.12.2025 23:02:08
- Zuletzt bearbeitet 05.03.2026 19:27:48
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public an...
CVE-2022-47419
- EPSS 0.26%
- Veröffentlicht 07.02.2023 22:15:11
- Zuletzt bearbeitet 25.03.2025 14:15:19
An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.
CVE-2018-16405
- EPSS 0.32%
- Veröffentlicht 03.09.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:41
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS.
CVE-2018-16406
- EPSS 0.27%
- Veröffentlicht 03.09.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:41
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label.
CVE-2018-16407
- EPSS 0.29%
- Veröffentlicht 03.09.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:41
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled.
CVE-2014-3840
- EPSS 1.07%
- Veröffentlicht 27.05.2014 13:55:06
- Zuletzt bearbeitet 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging ...