Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/mayan-edms@3.0.2
Typepypi
Namespace
Namemayan-edms
Version3.0.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.10.2
Latest_non_vulnerable_version4.10.2
Affected_by_vulnerabilities
0
url VCID-92gn-k1jm-47fe
vulnerability_id VCID-92gn-k1jm-47fe
summary A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14691
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.18976
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14691
1
reference_url https://docs.mayan-edms.com/chapters/releases/4.10.2.html
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:06:05Z/
url https://docs.mayan-edms.com/chapters/releases/4.10.2.html
2
reference_url https://docs.mayan-edms.com/chapters/releases/4.10.2.html#security
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
4
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
6
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:06:05Z/
url https://docs.mayan-edms.com/chapters/releases/4.10.2.html#security
3
reference_url https://github.com/ionutluca888/Mayan-EDMS-XSS-POC
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
6
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:06:05Z/
url https://github.com/ionutluca888/Mayan-EDMS-XSS-POC
4
reference_url https://github.com/mayan-edms/Mayan-EDMS
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/mayan-edms/Mayan-EDMS
5
reference_url https://gitlab.com/mayan-edms/mayan-edms/-/commit/45355cbb45a28f61f38f719112d0ff422e6dc688
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/-/commit/45355cbb45a28f61f38f719112d0ff422e6dc688
6
reference_url https://gitlab.com/mayan-edms/mayan-edms/-/commit/94032fbe553e97b33e4e9b9e731b4fc45f9d9f91
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/-/commit/94032fbe553e97b33e4e9b9e731b4fc45f9d9f91
7
reference_url https://gitlab.com/mayan-edms/mayan-edms/-/commit/da9de60a9b84f11d5d2c7bbf118fe696b4f6357e
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/-/commit/da9de60a9b84f11d5d2c7bbf118fe696b4f6357e
8
reference_url https://vuldb.com/?ctiid.336409
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
6
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:06:05Z/
url https://vuldb.com/?ctiid.336409
9
reference_url https://vuldb.com/?id.336409
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
6
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:06:05Z/
url https://vuldb.com/?id.336409
10
reference_url https://vuldb.com/?submit.711713
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
4
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
6
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:06:05Z/
url https://vuldb.com/?submit.711713
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14691
reference_id CVE-2025-14691
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14691
12
reference_url https://github.com/advisories/GHSA-774q-r975-vqwp
reference_id GHSA-774q-r975-vqwp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-774q-r975-vqwp
fixed_packages
0
url pkg:pypi/mayan-edms@4.6.12
purl pkg:pypi/mayan-edms@4.6.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.6.12
1
url pkg:pypi/mayan-edms@4.7.8
purl pkg:pypi/mayan-edms@4.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.7.8
2
url pkg:pypi/mayan-edms@4.8.10
purl pkg:pypi/mayan-edms@4.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.8.10
3
url pkg:pypi/mayan-edms@4.9.7
purl pkg:pypi/mayan-edms@4.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.9.7
4
url pkg:pypi/mayan-edms@4.10.2
purl pkg:pypi/mayan-edms@4.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.10.2
aliases CVE-2025-14691, GHSA-774q-r975-vqwp, PYSEC-2025-134
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-92gn-k1jm-47fe
1
url VCID-etyd-8wdw-6fg9
vulnerability_id VCID-etyd-8wdw-6fg9
summary An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16407
reference_id
reference_type
scores
0
value 0.0029
scoring_system epss
scoring_elements 0.52708
published_at 2026-06-05T12:55:00Z
1
value 0.0029
scoring_system epss
scoring_elements 0.52649
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16407
1
reference_url https://github.com/advisories/GHSA-5h6m-9mvx-m6c5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5h6m-9mvx-m6c5
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms/PYSEC-2018-15.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms/PYSEC-2018-15.yaml
3
reference_url https://gitlab.com/mayan-edms/mayan-edms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms
4
reference_url https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst
5
reference_url https://gitlab.com/mayan-edms/mayan-edms/commit/076468a9225e4630a463c0bbceb8e5b805fe380c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/commit/076468a9225e4630a463c0bbceb8e5b805fe380c
6
reference_url https://gitlab.com/mayan-edms/mayan-edms/issues/496
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/issues/496
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16407
reference_id CVE-2018-16407
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16407
fixed_packages
0
url pkg:pypi/mayan-edms@3.0.3
purl pkg:pypi/mayan-edms@3.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-ex64-9sg9-3kdu
2
vulnerability VCID-mynh-sahb-2be8
3
vulnerability VCID-yhh7-wbkc-r7ec
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@3.0.3
aliases CVE-2018-16407, GHSA-5h6m-9mvx-m6c5, PYSEC-2018-15
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-etyd-8wdw-6fg9
2
url VCID-ex64-9sg9-3kdu
vulnerability_id VCID-ex64-9sg9-3kdu
summary An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-47419
reference_id
reference_type
scores
0
value 0.00264
scoring_system epss
scoring_elements 0.50168
published_at 2026-06-05T12:55:00Z
1
value 0.00264
scoring_system epss
scoring_elements 0.50107
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-47419
1
reference_url https://github.com/mayan-edms/Mayan-EDMS
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mayan-edms/Mayan-EDMS
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms/PYSEC-2023-276.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms/PYSEC-2023-276.yaml
3
reference_url https://www.mayan-edms.com/news/2023/02/version-4.3.6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.mayan-edms.com/news/2023/02/version-4.3.6
4
reference_url https://www.mayan-edms.com/news/2023/02/version-4.3.6/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:02:51Z/
url https://www.mayan-edms.com/news/2023/02/version-4.3.6/
5
reference_url https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419
6
reference_url https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:02:51Z/
url https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-47419
reference_id CVE-2022-47419
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-47419
8
reference_url https://github.com/advisories/GHSA-5m6v-2xgf-qhrw
reference_id GHSA-5m6v-2xgf-qhrw
reference_type
scores
url https://github.com/advisories/GHSA-5m6v-2xgf-qhrw
fixed_packages
0
url pkg:pypi/mayan-edms@4.3.6
purl pkg:pypi/mayan-edms@4.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.3.6
1
url pkg:pypi/mayan-edms@4.4
purl pkg:pypi/mayan-edms@4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.4
aliases CVE-2022-47419, GHSA-5m6v-2xgf-qhrw, PYSEC-2023-276
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ex64-9sg9-3kdu
3
url VCID-mynh-sahb-2be8
vulnerability_id VCID-mynh-sahb-2be8
summary A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is sufficient to resolve this issue. The affected component should be upgraded. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14692
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24777
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14692
1
reference_url https://docs.mayan-edms.com/chapters/releases/4.10.2.html
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:04:54Z/
url https://docs.mayan-edms.com/chapters/releases/4.10.2.html
2
reference_url https://docs.mayan-edms.com/chapters/releases/4.10.2.html#security
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
6
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:04:54Z/
url https://docs.mayan-edms.com/chapters/releases/4.10.2.html#security
3
reference_url https://github.com/ionutluca888/Mayan-EDMS-OpenRedirect-POC/tree/main
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
6
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:04:54Z/
url https://github.com/ionutluca888/Mayan-EDMS-OpenRedirect-POC/tree/main
4
reference_url https://gitlab.com/mayan-edms/mayan-edms
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms
5
reference_url https://gitlab.com/mayan-edms/mayan-edms/-/commit/45355cbb45a28f61f38f719112d0ff422e6dc688
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/-/commit/45355cbb45a28f61f38f719112d0ff422e6dc688
6
reference_url https://gitlab.com/mayan-edms/mayan-edms/-/commit/94032fbe553e97b33e4e9b9e731b4fc45f9d9f91
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/-/commit/94032fbe553e97b33e4e9b9e731b4fc45f9d9f91
7
reference_url https://gitlab.com/mayan-edms/mayan-edms/-/commit/da9de60a9b84f11d5d2c7bbf118fe696b4f6357e
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/-/commit/da9de60a9b84f11d5d2c7bbf118fe696b4f6357e
8
reference_url https://vuldb.com/?ctiid.336410
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
6
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:04:54Z/
url https://vuldb.com/?ctiid.336410
9
reference_url https://vuldb.com/?id.336410
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
4
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
6
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:04:54Z/
url https://vuldb.com/?id.336410
10
reference_url https://vuldb.com/?submit.711729
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
4
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
6
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T20:04:54Z/
url https://vuldb.com/?submit.711729
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14692
reference_id CVE-2025-14692
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14692
12
reference_url https://github.com/advisories/GHSA-x37w-7p52-8f49
reference_id GHSA-x37w-7p52-8f49
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x37w-7p52-8f49
fixed_packages
0
url pkg:pypi/mayan-edms@4.6.12
purl pkg:pypi/mayan-edms@4.6.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.6.12
1
url pkg:pypi/mayan-edms@4.7.8
purl pkg:pypi/mayan-edms@4.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.7.8
2
url pkg:pypi/mayan-edms@4.8.10
purl pkg:pypi/mayan-edms@4.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.8.10
3
url pkg:pypi/mayan-edms@4.9.7
purl pkg:pypi/mayan-edms@4.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-mynh-sahb-2be8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.9.7
4
url pkg:pypi/mayan-edms@4.10.2
purl pkg:pypi/mayan-edms@4.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@4.10.2
aliases CVE-2025-14692, GHSA-x37w-7p52-8f49, PYSEC-2025-135
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mynh-sahb-2be8
4
url VCID-yhh7-wbkc-r7ec
vulnerability_id VCID-yhh7-wbkc-r7ec
summary Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form.
references
0
reference_url http://research.openflare.org/advisories/OF-2014-09/mayan-edbs-storedxss.txt
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://research.openflare.org/advisories/OF-2014-09/mayan-edbs-storedxss.txt
1
reference_url http://research.openflare.org/poc/maya-edms/maya-edms_multiple_xss.avi
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://research.openflare.org/poc/maya-edms/maya-edms_multiple_xss.avi
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3840
reference_id
reference_type
scores
0
value 0.01071
scoring_system epss
scoring_elements 0.78105
published_at 2026-06-05T12:55:00Z
1
value 0.01071
scoring_system epss
scoring_elements 0.78078
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3840
3
reference_url http://seclists.org/oss-sec/2014/q2/349
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2014/q2/349
4
reference_url http://seclists.org/oss-sec/2014/q2/352
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2014/q2/352
5
reference_url https://github.com/mayan-edms/Mayan-EDMS
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mayan-edms/Mayan-EDMS
6
reference_url https://github.com/mayan-edms/mayan-edms/commit/398c480c10416d76e7c1dcb607e726e8fc988e72
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mayan-edms/mayan-edms/commit/398c480c10416d76e7c1dcb607e726e8fc988e72
7
reference_url https://github.com/mayan-edms/mayan-edms/issues/3
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mayan-edms/mayan-edms/issues/3
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms/PYSEC-2014-110.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms/PYSEC-2014-110.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3840
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3840
10
reference_url http://www.exploit-db.com/exploits/33493
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.exploit-db.com/exploits/33493
11
reference_url http://www.securityfocus.com/bid/67552
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/67552
12
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/33493.txt
reference_id CVE-2014-3840;OSVDB-107292;OSVDB-107291;OSVDB-107290;OSVDB-107289
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/33493.txt
13
reference_url https://github.com/advisories/GHSA-wpvx-26f7-65q3
reference_id GHSA-wpvx-26f7-65q3
reference_type
scores
url https://github.com/advisories/GHSA-wpvx-26f7-65q3
fixed_packages
aliases CVE-2014-3840, GHSA-wpvx-26f7-65q3, PYSEC-2014-110
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yhh7-wbkc-r7ec
Fixing_vulnerabilities
0
url VCID-5hk9-rp44-1ud3
vulnerability_id VCID-5hk9-rp44-1ud3
summary An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16405
reference_id
reference_type
scores
0
value 0.00317
scoring_system epss
scoring_elements 0.55103
published_at 2026-06-05T12:55:00Z
1
value 0.00317
scoring_system epss
scoring_elements 0.55044
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16405
1
reference_url https://github.com/advisories/GHSA-fpcv-j2q9-vqhw
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fpcv-j2q9-vqhw
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms-ng/PYSEC-2018-16.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms-ng/PYSEC-2018-16.yaml
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms/PYSEC-2018-106.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms/PYSEC-2018-106.yaml
4
reference_url https://gitlab.com/mayan-edms/mayan-edms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms
5
reference_url https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst
6
reference_url https://gitlab.com/mayan-edms/mayan-edms/commit/9ebe80595afe4fdd1e2c74358d6a9421f4ce130e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/commit/9ebe80595afe4fdd1e2c74358d6a9421f4ce130e
7
reference_url https://gitlab.com/mayan-edms/mayan-edms/issues/494
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/issues/494
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16405
reference_id CVE-2018-16405
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16405
fixed_packages
0
url pkg:pypi/mayan-edms@3.0.2
purl pkg:pypi/mayan-edms@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-etyd-8wdw-6fg9
2
vulnerability VCID-ex64-9sg9-3kdu
3
vulnerability VCID-mynh-sahb-2be8
4
vulnerability VCID-yhh7-wbkc-r7ec
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@3.0.2
aliases CVE-2018-16405, GHSA-fpcv-j2q9-vqhw, PYSEC-2018-106, PYSEC-2018-16
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5hk9-rp44-1ud3
1
url VCID-qc9r-2nr9-5uc2
vulnerability_id VCID-qc9r-2nr9-5uc2
summary An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16406
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.50839
published_at 2026-06-04T12:55:00Z
1
value 0.00272
scoring_system epss
scoring_elements 0.50901
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16406
1
reference_url https://github.com/advisories/GHSA-5r76-cjf4-c9qx
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5r76-cjf4-c9qx
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms/PYSEC-2018-14.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms/PYSEC-2018-14.yaml
3
reference_url https://gitlab.com/mayan-edms/mayan-edms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms
4
reference_url https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst
5
reference_url https://gitlab.com/mayan-edms/mayan-edms/commit/48dfc06e49c7f773749e063f8cc69c95509d1c32
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/commit/48dfc06e49c7f773749e063f8cc69c95509d1c32
6
reference_url https://gitlab.com/mayan-edms/mayan-edms/issues/495
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.com/mayan-edms/mayan-edms/issues/495
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16406
reference_id CVE-2018-16406
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16406
fixed_packages
0
url pkg:pypi/mayan-edms@3.0.2
purl pkg:pypi/mayan-edms@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92gn-k1jm-47fe
1
vulnerability VCID-etyd-8wdw-6fg9
2
vulnerability VCID-ex64-9sg9-3kdu
3
vulnerability VCID-mynh-sahb-2be8
4
vulnerability VCID-yhh7-wbkc-r7ec
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@3.0.2
aliases CVE-2018-16406, GHSA-5r76-cjf4-c9qx, PYSEC-2018-14
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qc9r-2nr9-5uc2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/mayan-edms@3.0.2