CVE-2014-3840
low
CVSS v3
—
CVSS v2
3.5
VIR risk
3.5
Description
Mayan EDMS multiple cross-site scripting (XSS) vulnerabilities
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://github.com/mayan-edms/mayan-edms/commit/398c480c10416d76e7c1dcb607e726e8fc988e72
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | mayan-edms | | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mayan-edms | mayan_edms | 0.13 | |
References
- http://research.openflare.org/advisories/OF-2014-09/mayan-edbs-storedxss.txt
- http://research.openflare.org/poc/maya-edms/maya-edms_multiple_xss.avi
- http://seclists.org/oss-sec/2014/q2/349
- http://seclists.org/oss-sec/2014/q2/352
- http://www.exploit-db.com/exploits/33493
- http://www.securityfocus.com/bid/67552
- https://github.com/mayan-edms/mayan-edms/commit/398c480c10416d76e7c1dcb607e726e8fc988e72
- https://github.com/mayan-edms/mayan-edms/issues/3
- https://nvd.nist.gov/vuln/detail/CVE-2014-3840
- https://github.com/mayan-edms/Mayan-EDMS
- https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms/PYSEC-2014-110.yaml
CWEs
CWE-79
Verify integrity in audit chain (admin only). AS-IS.