An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS.
CPE | Name | Operator | Version |
---|---|---|---|
mayan-edms | eq | 2.5.2 | |
mayan-edms | eq | 2.1.4 | |
mayan-edms | eq | 0.12.1 | |
mayan-edms | eq | 2.1.5 | |
mayan-edms | eq | 0.7 | |
mayan-edms | eq | 0.6 | |
mayan-edms | eq | 0.12.2 | |
mayan-edms | eq | 2.1.7 | |
mayan-edms | eq | 2.1 | |
mayan-edms | eq | 2.2b3 |