CVE-2014-3840
low
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
4.5
Description
Mayan EDMS multiple cross-site scripting (XSS) vulnerabilities
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Mayan-EDms Web-Based Document Management OS System - Multiple Persistent Cross-Site Scripting Vulnerabilities
# Exploit Title: Multiple Stored XSS
# Software: Maya EDMS
# Software Link: http://www.mayan-edms.com/downloads/Mayan%20EDMS%20v0.13.ova
# Version: 0.13 - latest
# Author: Dolev Farhi, email: dolev(at)openflare(dot)org @f1nhack
# Date: 21.5.2014
# Tested on: Kali Linux
# Vendor homepage: www.mayan-edms.com
1. About the application:
=========================
Mayan (or Mayan EDMS) is a web-based free/libre document management system for managing documents within an organization
2. Vulnerability Description:
===============================
An attacker is able to create documents and tags with malicious code, potentially stealing admin cookies browsing or editing the documents.
3. Steps to reproduce:
========================
* Stored XSS 1:
Tags -> Create new tag -> <script>alert("XSS")</script> -> Save
any navigation to documents or search will execute the XSS
* Stored XSS 2:
Setup -> Sources -> Staging folders -> Add new source -> Title it: <script>alert("XSS")</script>
Submit -> navigate to edit it again -> XSS executes
* Stored XSS 3:
Setup -> Bootstrap -> Create new bootstrap setup -> Name <script>alert("XSS")</script> -> submit -> XSS
* Stored XSS 4:
Setup -> Smart links -> Create new smart link -> Title it <script>alert("XSS")</script> -> submit -> edit -> XSS executes
5. Proof of concept video
http://research.openflare.org/poc/maya-edms/maya-edms_multiple_xss.avi
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | mayan-edms | | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mayan-edms | mayan_edms | 0.13 | |
References
- http://research.openflare.org/advisories/OF-2014-09/mayan-edbs-storedxss.txt
- http://research.openflare.org/poc/maya-edms/maya-edms_multiple_xss.avi
- http://seclists.org/oss-sec/2014/q2/349
- http://seclists.org/oss-sec/2014/q2/352
- http://www.exploit-db.com/exploits/33493
- http://www.securityfocus.com/bid/67552
- https://github.com/mayan-edms/mayan-edms/commit/398c480c10416d76e7c1dcb607e726e8fc988e72
- https://github.com/mayan-edms/mayan-edms/issues/3
- https://nvd.nist.gov/vuln/detail/CVE-2014-3840
- https://github.com/mayan-edms/Mayan-EDMS
- https://github.com/pypa/advisory-database/tree/main/vulns/mayan-edms/PYSEC-2014-110.yaml
CWEs
CWE-79
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.