Every CVE whose affected-product data names Mayan-edms Mayan Edms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2018-16407 — CVSS 6.1 (medium): An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled.
CVE-2018-16405 — CVSS 6.1 (medium): An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS.
CVE-2018-16406 — CVSS 6.1 (medium): An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label.
CVE-2022-47419 — CVSS 5.4 (medium): An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.
CVE-2025-14691 — CVSS 4.3 (medium): A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The…
CVE-2025-14692 — CVSS 4.3 (medium): A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This…
CVE-2014-3840 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote…