CVE-2022-47419
published 2023-02-07
CVE-2022-47419: An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.
Priority P422 · medium · 5.4 · CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.54%
41.1th percentile
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mayan-edms | mayan_edms | — | — |
| mayan_edms | mayan_edms | — | — |
GHSA
Mayan EDMS DMS XSS vulnerability
ghsa·2023-02-08
CVE-2022-47419 [MEDIUM] CWE-79 Mayan EDMS DMS XSS vulnerability
An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.
OSV
Mayan EDMS DMS XSS vulnerability
osv·2023-02-08
CVE-2022-47419 [MEDIUM] Mayan EDMS DMS XSS vulnerability
An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.
OSV
CVE-2022-47419: An XSS vulnerability was discovered in the Mayan EDMS DMS
osv·2023-02-07
CVE-2022-47419: An XSS vulnerability was discovered in the Mayan EDMS DMS
An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.mayan-edms.com/news/2023/02/version-4.3.6/
https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/
2023-02-07
Published