CVE-2014-3840
Mayan EDMS 0.13 - Authenticated Stored Cross-Site Scripting via Tag, Title, Name, or Smart Link Fields
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-3840. PoCs published by Dolev Farhi.
AI-analyzed exploit summary: This is a writeup detailing multiple stored XSS vulnerabilities in Mayan EDMS v0.13. It describes steps to inject malicious scripts into tags, staging folders, bootstrap setups, and smart links, which execute when accessed by users.
Description
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form.