{"id":"PYSEC-2014-110","details":"Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form.","aliases":["CVE-2014-3840","GHSA-wpvx-26f7-65q3"],"modified":"2026-06-10T17:03:21.960240042Z","published":"2014-05-27T13:55:00Z","withdrawn":"2024-11-22T04:37:04Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/67552"},{"type":"WEB","url":"http://research.openflare.org/poc/maya-edms/maya-edms_multiple_xss.avi"},{"type":"EVIDENCE","url":"http://research.openflare.org/advisories/OF-2014-09/mayan-edbs-storedxss.txt"},{"type":"REPORT","url":"https://github.com/mayan-edms/mayan-edms/issues/3"},{"type":"WEB","url":"http://seclists.org/oss-sec/2014/q2/349"},{"type":"WEB","url":"http://seclists.org/oss-sec/2014/q2/352"},{"type":"EVIDENCE","url":"https://github.com/mayan-edms/mayan-edms/commit/398c480c10416d76e7c1dcb607e726e8fc988e72"},{"type":"FIX","url":"https://github.com/mayan-edms/mayan-edms/commit/398c480c10416d76e7c1dcb607e726e8fc988e72"},{"type":"WEB","url":"http://www.exploit-db.com/exploits/33493"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-wpvx-26f7-65q3"}],"affected":[{"package":{"name":"mayan-edms","ecosystem":"PyPI","purl":"pkg:pypi/mayan-edms"},"ranges":[{"type":"GIT","repo":"https://github.com/mayan-edms/mayan-edms","events":[{"introduced":"0"},{"fixed":"398c480c10416d76e7c1dcb607e726e8fc988e72"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.0.0","1.0.rc1","1.0.rc2","1.0.rc3","1.1.0","1.1.1","2.0.0","2.0.0b1","2.0.0b2","2.0.0rc1","2.0.1","2.0.2","2.1","2.1.1","2.1.10","2.1.11","2.1.2","2.1.3","2.1.4","2.1.5","2.1.6","2.1rc1","2.1rc2","2.2","2.2b1","2.2b2","2.2b3","2.2rc1","2.3","2.4","2.5","2.5.1","2.5.2","2.6","2.6.1","2.6.2","2.6.3","2.6.4","2.7","2.7.1","2.7.2","2.7.3","3.0","3.0.1","3.0.2","3.0.3","3.1","3.1.1","3.1.10","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.2","3.2.1","3.2.10","3.2.11","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6","3.2.7","3.2.8","3.2.9","3.2b1","3.2rc1","3.3","3.3.1","3.3.10","3.3.11","3.3.12","3.3.13","3.3.14","3.3.15","3.3.16","3.3.17","3.3.18","3.3.2","3.3.3","3.3.4","3.3.5","3.3.6","3.3.7","3.3.8","3.3.9","3.4","3.4.1","3.4.10","3.4.11","3.4.12","3.4.13","3.4.14","3.4.15","3.4.16","3.4.17","3.4.18","3.4.19","3.4.2","3.4.20","3.4.21","3.4.22","3.4.3","3.4.4","3.4.5","3.4.6","3.4.7","3.4.8","3.4.9","3.5","3.5.1","3.5.10","3.5.11","3.5.12","3.5.2","3.5.3","3.5.4","3.5.5","3.5.6","3.5.7","3.5.8","3.5.9","4.0","4.0.1","4.0.10","4.0.11","4.0.12","4.0.13","4.0.14","4.0.15","4.0.16","4.0.17","4.0.18","4.0.19","4.0.2","4.0.20","4.0.21","4.0.22","4.0.23","4.0.24","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.0b1","4.0b2","4.0b3","4.0b4","4.0rc1","4.0rc2","4.0rc3","4.1","4.1.1","4.1.10","4.1.11","4.1.12","4.1.2","4.1.3","4.1.4","4.1.5","4.1.6","4.1.7","4.1.8","4.1.9","4.10","4.10.1","4.10.2","4.10.3","4.10.4","4.10.6","4.11.1","4.11.2","4.11.3","4.11.4","4.1b1","4.1b2","4.1rc1","4.1rc2","4.2","4.2.1","4.2.10","4.2.11","4.2.12","4.2.13","4.2.14","4.2.15","4.2.16","4.2.17","4.2.18","4.2.2","4.2.3","4.2.4","4.2.5","4.2.6","4.2.7","4.2.8","4.2.9","4.2a1","4.2b1","4.2rc1","4.3","4.3.1","4.3.10","4.3.11","4.3.12","4.3.2","4.3.3","4.3.4","4.3.5","4.3.6","4.3.7","4.3.8","4.3.9","4.3a1","4.3rc1","4.4","4.4.1","4.4.10","4.4.11","4.4.12","4.4.13","4.4.14","4.4.15","4.4.16","4.4.2","4.4.3","4.4.4","4.4.5","4.4.6","4.4.7","4.4.8","4.4.9","4.5","4.5.1","4.5.10","4.5.11","4.5.12","4.5.13","4.5.2","4.5.3","4.5.4","4.5.5","4.5.6","4.5.7","4.5.8","4.5.9","4.6","4.6.1","4.6.10","4.6.12","4.6.13","4.6.14","4.6.2","4.6.3","4.6.4","4.6.5","4.6.6","4.6.7","4.6.8","4.6.9","4.7","4.7.1","4.7.2","4.7.3","4.7.4","4.7.5","4.7.6","4.7.7","4.7.8","4.7.9","4.8","4.8.1","4.8.10","4.8.2","4.8.3","4.8.4","4.8.5","4.8.6","4.8.7","4.8.8","4.8.9","4.9","4.9.1","4.9.2","4.9.3","4.9.4","4.9.5","4.9.7","4.9.8","v0.5"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/mayan-edms/PYSEC-2014-110.yaml"}}],"schema_version":"1.7.5"}