mayan-edms is vulnerable to cross-site scripting (XSS) attacks. The window.location.hash
value is passed directly to window.location
which allows an attacker to execute arbitrary JavaScript code on a victim’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
mayan-edms | le | 3.0.1 |