GHSA-5h6m-9mvx-m6c5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5h6m-9mvx-m6c5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-5h6m-9mvx-m6c5/GHSA-5h6m-9mvx-m6c5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5h6m-9mvx-m6c5
- Aliases
- Published
- 2018-09-06T03:25:03Z
- Modified
- 2024-09-24T15:45:01.838016Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- Moderate severity vulnerability that affects mayan-edms
- Details
-
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled.
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2020-06-16T21:16:17Z", "github_reviewed": true, "severity": "MODERATE", "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-16407
- https://github.com/advisories/GHSA-5h6m-9mvx-m6c5
- https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms/PYSEC-2018-15.yaml
- https://gitlab.com/mayan-edms/mayan-edms
- https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst
- https://gitlab.com/mayan-edms/mayan-edms/commit/076468a9225e4630a463c0bbceb8e5b805fe380c
- https://gitlab.com/mayan-edms/mayan-edms/issues/496
Affected packages
PyPI / mayan-edms
Package
- Name
- mayan-edms
- View open source insights on deps.dev
- Purl
- pkg:pypi/mayan-edms
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.3
Affected versions
1.*
1.0.rc1
1.0.rc2
1.0.rc3
1.0.0
1.1.0
1.1.1
2.*
2.0.0b1
2.0.0b2
2.0.0rc1
2.0.0
2.0.1
2.0.2
2.1rc1
2.1rc2
2.1
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.10
2.1.11
2.2b1
2.2b2
2.2b3
2.2rc1
2.2
2.3
2.4
2.5
2.5.1
2.5.2
2.6
2.6.1
2.6.2
2.6.3
2.6.4
2.7
2.7.1
2.7.2
2.7.3
3.*
3.0
3.0.1
3.0.2