{"id":"PYSEC-2023-276","details":"An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.","aliases":["CVE-2022-47419","GHSA-5m6v-2xgf-qhrw"],"modified":"2024-11-25T22:42:30.943725Z","published":"2023-02-07T22:15:00Z","references":[{"type":"ARTICLE","url":"https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/"},{"type":"WEB","url":"https://www.mayan-edms.com/news/2023/02/version-4.3.6/"}],"affected":[{"package":{"name":"mayan-edms","ecosystem":"PyPI","purl":"pkg:pypi/mayan-edms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.3.6"}]}],"versions":["1.0.0","1.0.rc1","1.0.rc2","1.0.rc3","1.1.0","1.1.1","2.0.0","2.0.0b1","2.0.0b2","2.0.0rc1","2.0.1","2.0.2","2.1","2.1.1","2.1.10","2.1.11","2.1.2","2.1.3","2.1.4","2.1.5","2.1.6","2.1rc1","2.1rc2","2.2","2.2b1","2.2b2","2.2b3","2.2rc1","2.3","2.4","2.5","2.5.1","2.5.2","2.6","2.6.1","2.6.2","2.6.3","2.6.4","2.7","2.7.1","2.7.2","2.7.3","3.0","3.0.1","3.0.2","3.0.3","3.1","3.1.1","3.1.10","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.2","3.2.1","3.2.10","3.2.11","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6","3.2.7","3.2.8","3.2.9","3.2b1","3.2rc1","3.3","3.3.1","3.3.10","3.3.11","3.3.12","3.3.13","3.3.14","3.3.15","3.3.16","3.3.17","3.3.18","3.3.2","3.3.3","3.3.4","3.3.5","3.3.6","3.3.7","3.3.8","3.3.9","3.4","3.4.1","3.4.10","3.4.11","3.4.12","3.4.13","3.4.14","3.4.15","3.4.16","3.4.17","3.4.18","3.4.19","3.4.2","3.4.20","3.4.21","3.4.22","3.4.3","3.4.4","3.4.5","3.4.6","3.4.7","3.4.8","3.4.9","3.5","3.5.1","3.5.10","3.5.11","3.5.12","3.5.2","3.5.3","3.5.4","3.5.5","3.5.6","3.5.7","3.5.8","3.5.9","4.0","4.0.1","4.0.10","4.0.11","4.0.12","4.0.13","4.0.14","4.0.15","4.0.16","4.0.17","4.0.18","4.0.19","4.0.2","4.0.20","4.0.21","4.0.22","4.0.23","4.0.24","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.0b1","4.0b2","4.0b3","4.0b4","4.0rc1","4.0rc2","4.0rc3","4.1","4.1.1","4.1.10","4.1.11","4.1.12","4.1.2","4.1.3","4.1.4","4.1.5","4.1.6","4.1.7","4.1.8","4.1.9","4.1b1","4.1b2","4.1rc1","4.1rc2","4.2","4.2.1","4.2.10","4.2.11","4.2.12","4.2.13","4.2.14","4.2.15","4.2.16","4.2.17","4.2.18","4.2.2","4.2.3","4.2.4","4.2.5","4.2.6","4.2.7","4.2.8","4.2.9","4.2a1","4.2b1","4.2rc1","4.3","4.3.1","4.3.2","4.3.3","4.3.4","4.3.5","4.3a1","4.3rc1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/mayan-edms/PYSEC-2023-276.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}