Date: Thu, 22 May 2014 01:17:24 -0400 (EDT)
From: cve-assign@...re.org
To: dolev@...nflare.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Persistent XSS in Mayan EDMS - document management system


> Multiple persistent cross-site scripting vulnerabilities were found in
> the latest version of Mayan EDMS. It appears that new tags, folders
> and links that are created by any system user are not sanitized when
> viewed, allowing malicious code to be stored and executed.

> An attacker is able to create documents and tags with malicious code,
> potentially stealing admin cookies browsing or editing the documents.

> http://research.openflare.org/advisories/mayan-edms/multiple_stored_xss.txt

Use CVE-2014-3840.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
