GHSA-fpcv-j2q9-vqhw

Source

https://github.com/advisories/GHSA-fpcv-j2q9-vqhw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-fpcv-j2q9-vqhw/GHSA-fpcv-j2q9-vqhw.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-fpcv-j2q9-vqhw

Aliases

Published

2018-09-06T03:24:50Z

Modified

2024-09-30T20:35:46.052514Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator

Summary

mayan-edms Cross-site Scripting vulnerability

Details

An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:35:03Z",
    "nvd_published_at": null,
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

PyPI / mayan-edms

Package

Name: mayan-edms; View open source insights on deps.dev
Purl: pkg:pypi/mayan-edms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.2

Affected versions

1.*

1.0.rc1

1.0.rc2

1.0.rc3

1.0.0

1.1.0

1.1.1

2.*

2.0.0b1

2.0.0b2

2.0.0rc1

2.0.0

2.0.1

2.0.2

2.1rc1

2.1rc2

2.1

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.10

2.1.11

2.2b1

2.2b2

2.2b3

2.2rc1

2.2

2.3

2.4

2.5

2.5.1

2.5.2

2.6

2.6.1

2.6.2

2.6.3

2.6.4

2.7

2.7.1

2.7.2

2.7.3

3.*

3.0

3.0.1

PyPI / mayan-edms-ng

Package

Name: mayan-edms-ng; View open source insights on deps.dev
Purl: pkg:pypi/mayan-edms-ng

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.2

Affected versions

2.*

2.8

3.*

3.0

3.0.1