VulnerableCode Package Details - pkg:pypi/mayan-edms@3.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-92gn-k1jm-47fe Aliases: CVE-2025-14691 GHSA-774q-r975-vqwp PYSEC-2025-134	A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."	4.6.12 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.7.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.8.10 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.9.7 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.10.2 Affected by 0 other vulnerabilities.
VCID-ex64-9sg9-3kdu Aliases: CVE-2022-47419 GHSA-5m6v-2xgf-qhrw PYSEC-2023-276	An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.	4.3.6 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mynh-sahb-2be8 Aliases: CVE-2025-14692 GHSA-x37w-7p52-8f49 PYSEC-2025-135	A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is sufficient to resolve this issue. The affected component should be upgraded. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."	4.6.12 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.7.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.8.10 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.9.7 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.10.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-92gn-k1jm-47fe
Aliases:
CVE-2025-14691
GHSA-774q-r975-vqwp
PYSEC-2025-134

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

4.6.12
Affected by 2 other vulnerabilities.

4.7.8
Affected by 2 other vulnerabilities.

4.8.10
Affected by 2 other vulnerabilities.

4.9.7
Affected by 2 other vulnerabilities.

4.10.2
Affected by 0 other vulnerabilities.

VCID-ex64-9sg9-3kdu
Aliases:
CVE-2022-47419
GHSA-5m6v-2xgf-qhrw
PYSEC-2023-276

An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.

4.3.6
Affected by 2 other vulnerabilities.

VCID-mynh-sahb-2be8
Aliases:
CVE-2025-14692
GHSA-x37w-7p52-8f49
PYSEC-2025-135

A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is sufficient to resolve this issue. The affected component should be upgraded. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."