CNNVD-202512-2583 Information
CNNVD ID
CNNVD-202512-2583
Related CVE
- CNNVD Published: 2025-12-14
Description (Chinese)
Mayan EDMS是Mayan EDMS公司的一个基于 Web 的免费文档管理系统。用于管理组织内的文档。 Mayan EDMS 4.10.1及之前版本存在代码注入漏洞,该漏洞源于对文件/authentication/的错误操作,可能导致跨站脚本攻击。
Description (English)
Mayan EDMS is a Web-based free document management system for Mayan EDMS. to manage documents within an organization. Mayan EDMS 4.10.1 and previous versions had a code-infusion loophole, which stemmed from a mishandling of the document/authentication/, which could lead to a cross-site script attack.
Hazard Level
High
Vulnerability Type
代码注入
Affected Vendor
Mayan EDMS
Published
2025-12-14
Last Modified
2026-02-24
References
https://vuldb.com/?id.336409 https://vuldb.com/?ctiid.336409 https://vuldb.com/?submit.711713 https://docs.mayan-edms.com/chapters/releases/4.10.2.html#security https://github.com/ionutluca888/Mayan-EDMS-XSS-POC https://access.redhat.com/security/cve/cve-2025-14691
Patch
https://docs.mayan-edms.com/chapters/releases/4.10.2.html
Share on: