{"id":"PYSEC-2018-15","details":"An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled.","aliases":["CVE-2018-16407","GHSA-5h6m-9mvx-m6c5"],"modified":"2023-11-08T03:59:59.332292Z","published":"2018-09-03T19:29:00Z","references":[{"type":"WEB","url":"https://gitlab.com/mayan-edms/mayan-edms/issues/496"},{"type":"WEB","url":"https://gitlab.com/mayan-edms/mayan-edms/commit/076468a9225e4630a463c0bbceb8e5b805fe380c"},{"type":"WEB","url":"https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-5h6m-9mvx-m6c5"}],"affected":[{"package":{"name":"mayan-edms","ecosystem":"PyPI","purl":"pkg:pypi/mayan-edms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.3"}]}],"versions":["1.0.0","1.0.rc1","1.0.rc2","1.0.rc3","1.1.0","1.1.1","2.0.0","2.0.0b1","2.0.0b2","2.0.0rc1","2.0.1","2.0.2","2.1","2.1.1","2.1.10","2.1.11","2.1.2","2.1.3","2.1.4","2.1.5","2.1.6","2.1rc1","2.1rc2","2.2","2.2b1","2.2b2","2.2b3","2.2rc1","2.3","2.4","2.5","2.5.1","2.5.2","2.6","2.6.1","2.6.2","2.6.3","2.6.4","2.7","2.7.1","2.7.2","2.7.3","3.0","3.0.1","3.0.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/mayan-edms/PYSEC-2018-15.yaml"}}],"schema_version":"1.7.3"}