PT-2014-5542 · Mayan · Mayan Edms

Published: 2014-05-27 · Updated: 2022-05-17 · CVE-2014-3840

CVSS v4.0: 5.1 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

Mayan EDMS version 0.13

Description

The issue allows remote authenticated users to inject arbitrary web script or HTML via a tag or the title of a source in a Staging folder, the Name field in a bootstrap setup, or the Title field in a smart link or web form.

Recommendations

For Mayan EDMS version 0.13, update to a version that includes a fix for this issue, as earlier versions remain exposed to arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the calculate_form_title.html template and limiting user input in the affected fields, such as the Title and Name fields, until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2014-3840
GHSA-WPVX-26F7-65Q3
PYSEC-2014-110

Affected Products

Mayan Edms