PT-2014-9074 · Mayan · Mayan Edms

Published 2014-05-27 · Updated 2014-05-27


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: Mayan EDMS version 0.13

Description: The issue allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved via a tag or the title of a source in a Staging folder, the Name field in a bootstrap setup, or the Title field in a smart link or web form.

Recommendations: For Mayan EDMS version 0.13, update to a version that fixes the cross-site scripting vulnerabilities. As a temporary workaround, consider restricting access to the calculate form title.html template and limiting user input in the affected fields, such as the title and Name fields, to minimize the risk of exploitation.
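The workaround above (limit what the affected label fields accept) and the underlying fix (escape on output) side by side, as an added example that is not Mayan EDMS code: the field names, the markup regex and the helper names are this example's own assumptions, and the sample input is constructed.

```python
import html
import re
from typing import Dict

# Label fields the advisory names as reaching the page unescaped. The
# identifiers are assumed for this example, not Mayan EDMS's own field names.
AFFECTED_FIELDS = ("tag", "source_title", "setup_name", "smart_link_title", "web_form_title")

# Assumed workaround policy: these fields are plain labels, so anything that
# looks like markup or an HTML entity is rejected rather than "cleaned".
_MARKUP = re.compile(r"[<>]|&#|&[a-zA-Z]+;")


def validate_label(field: str, value: str, max_len: int = 128) -> str:
    """Return the stripped value if it is a plain label, else raise ValueError."""
    if field not in AFFECTED_FIELDS:
        raise ValueError(f"unknown field {field!r}")
    if not value.strip():
        raise ValueError(f"{field} must not be empty")
    if len(value) > max_len:
        raise ValueError(f"{field} longer than {max_len} characters")
    if _MARKUP.search(value):
        raise ValueError(f"{field} must not contain markup")
    return value.strip()


def render_form_title_unsafe(title: str) -> str:
    """The defect class the advisory describes: user text concatenated straight into HTML."""
    return f'<h2 class="form-title">{title}</h2>'


def render_form_title(title: str) -> str:
    """Output-side fix: escape at render time regardless of what input validation did."""
    return f'<h2 class="form-title">{html.escape(title, quote=True)}</h2>'


def check_fields(fields: Dict[str, str]) -> Dict[str, str]:
    """Validate every submitted affected field and collect one error message per bad field."""
    errors: Dict[str, str] = {}
    for name, value in fields.items():
        try:
            validate_label(name, value)
        except ValueError as exc:
            errors[name] = str(exc)
    return errors


if __name__ == "__main__":
    sample = {"tag": "invoices", "source_title": "Scanner <b>inbox</b>"}  # constructed input
    print(check_fields(sample))
    print(render_form_title_unsafe(sample["source_title"]))  # markup survives
    print(render_form_title(sample["source_title"]))         # markup neutralised
```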

Related Identifiers: PYSEC-2014-110

Affected Products: Mayan Edms