Date: Thu, 22 May 2014 01:17:24 -0400 (EDT)
From: cve-assign@...re.org
To: dolev@...nflare.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Persistent XSS in Mayan EDMS - document management system

> multiple persistent cross-site scripting vulnerabilities were found in
> the latest version of Mayan EDMS. it appears that new tags, folders
> and links that are created by any system user are not sanitized when
> viewed, allowing malicious code to be stored and executed.

> An attacker is able to create documents and tags with malicious code,
> potentially stealing admin cookies browsing or editing the documents.

> http://research.openflare.org/advisories/mayan-edms/multiple_stored_xss.txt

Use CVE-2014-3840.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]