CVE-2022-47419
MEDIUMMayan EDMS < 4.3.6 - Stored Cross-Site Scripting in Tagging System
Title source: llmDescription
An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.
References (2)
Core 2
Core References
Exploit, Third Party Advisory third-party-advisory
https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/
Various Sources release-notes
vendor-advisory
https://www.mayan-edms.com/news/2023/02/version-4.3.6/
Scores
CVSS v3
5.4
EPSS
0.0054
EPSS Percentile
41.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
mayan-edms/mayan_edms
4.3.3
pypi/mayan-edms
0 - 4.3.6PyPI
Published
Feb 07, 2023
Tracked Since
Feb 18, 2026