138 matches found
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Exploit Title: Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.kordil.net/ Software Link:...
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Exploit Title: Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.kordil.net/ Software Link: https://vorboss.dl.sourceforge.net/project/kordiledms/Kordil%20EDMS%20v2.2.60rc3/kordiledmsinstaller.exe Version: 2.2.60rc3...
GHSA-5H6M-9MVX-M6C5 Moderate severity vulnerability that affects mayan-edms
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled...
Moderate severity vulnerability that affects mayan-edms
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled...
GHSA-5R76-CJF4-C9QX Moderate severity vulnerability that affects mayan-edms
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label...
Moderate severity vulnerability that affects mayan-edms
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label...
GHSA-FPCV-J2Q9-VQHW mayan-edms Cross-site Scripting vulnerability
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS...
mayan-edms Cross-site Scripting vulnerability
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS...
Cross-site Scripting (XSS)
mayan-edms is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of node.label in the jstreedata function of mayan/apps/cabinets/widgets.py, causing XSS attacks...
Cross-site Scripting (XSS)
mayan-edms is vulnerable to cross-site scripting XSS attacks. The library does not properly escape tag labels, allowing a malicious user to inject and execute arbitrary Javascript...
Cross-Site Scripting (XSS)
mayan-edms is vulnerable to cross-site scripting XSS attacks. The window.location.hash value is passed directly to window.location which allows an attacker to execute arbitrary JavaScript code on a victim's browser...
Mayan EDMS Cross-Site Scripting Vulnerability (CNVD-2019-09817)
Mayan EDMS is a document management system developed by software developer Roberto Rosario. The system supports electronic signatures, version control and optical character recognition. A cross-site scripting vulnerability exists in Mayan EDMS versions prior to 3.0.2. The vulnerability stems from...
Mayan EDMS Cross-Site Scripting Vulnerability
Mayan EDMS is a document management system developed by software developer Roberto Rosario. The system supports electronic signatures, version control, optical character recognition, etc. Tags app is one of the tag management applications. A cross-site scripting vulnerability exists in the Tags a...
PYSEC-2018-106
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS...
CVE-2018-16405
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS...
CVE-2018-16407
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled...
Design/Logic Flaw
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled...
PYSEC-2018-14
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label...
PYSEC-2018-15
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled...
Cross site scripting
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS...