CVE-2014-3840

Mayan EDMS 0.13 - Authenticated Stored Cross-Site Scripting via Tag, Title, Name, or Smart Link Fields


Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-3840. PoCs published by Dolev Farhi.

AI-analyzed exploit summary: This is a writeup detailing multiple stored XSS vulnerabilities in Mayan EDMS v0.13. It describes steps to inject malicious scripts into tags, staging folders, bootstrap setups, and smart links, which execute when accessed by users.

Description

Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Dolev Farhi · text · webapps · multiple
https://www.exploit-db.com/exploits/33493

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Mayan EDMS v0.13
Auth required
Prerequisites: Access to the Mayan EDMS application with sufficient privileges to create tags, staging folders, bootstrap setups, or smart links
mistral-large-3 · analyzed Feb 16, 2026

References (8)

Core References
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q2/352
Issue Tracking x_refsource_confirm
https://github.com/mayan-edms/mayan-edms/issues/3
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q2/349
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33493
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67552

Scores

EPSS 0.0348
EPSS Percentile 87.7%

Details

CWE: CWE-79
Status: published
Products (2)
mayan-edms/mayan_edms 0.13
pypi/mayan-edms 0PyPI
Published May 27, 2014
Tracked Since Feb 18, 2026