Vulnerability Details CVE-2018-16407
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst
- https://gitlab.com/mayan-edms/mayan-edms/commit/076468a9225e4630a463c0bbceb8e5b805fe380c
- https://gitlab.com/mayan-edms/mayan-edms/issues/496
- https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst
- https://gitlab.com/mayan-edms/mayan-edms/commit/076468a9225e4630a463c0bbceb8e5b805fe380c
- https://gitlab.com/mayan-edms/mayan-edms/issues/496
Products affected by CVE-2018-16407
-
cpe:2.3:a:mayan-edms:mayan_edms:0.13
-
cpe:2.3:a:mayan-edms:mayan_edms:2.7.0
-
cpe:2.3:a:mayan-edms:mayan_edms:2.7.1
-
cpe:2.3:a:mayan-edms:mayan_edms:2.7.2
-
cpe:2.3:a:mayan-edms:mayan_edms:2.7.3
-
cpe:2.3:a:mayan-edms:mayan_edms:3.0.0
-
cpe:2.3:a:mayan-edms:mayan_edms:3.0.1
-
cpe:2.3:a:mayan-edms:mayan_edms:3.0.2