Mayan EDMS
cpe:2.3:a:mayan-edms:mayan_edms:*:*:*:*:*:*:*
- <= 4.10.1
A DOM-based cross-site scripting (XSS) vulnerability has been identified in Mayan EDMS versions through 4.10.1. The issue resides within the authentication component, specifically in the file '/authentication/'. This vulnerability allows remote attackers to execute arbitrary JavaScript in the context of the victim's browser. The root cause is the application's failure to properly sanitize user-controlled data before it is reflected in a JavaScript context, particularly through the manipulation of 'window.location'. Exploitation requires convincing a user to open a malicious URL.
Exploitation of this vulnerability allows for cross-site scripting, where an attacker can execute scripts in the context of the user's session.
The vulnerability can be reproduced by sending a request to the '/authentication/' endpoint with a crafted 'window.location' value that includes JavaScript code. This can be done by manipulating the URL to include the JavaScript payload in the hash or query parameters, which the application will then process without proper sanitization.
Users are advised to upgrade to Mayan EDMS version 4.10.2, which addresses this vulnerability. For those using older versions, backports are in progress and will be available once the respective CI pipelines are complete.
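One way to treat a URL-derived value before it reaches a navigation sink, shown as an added example that is neither Mayan EDMS code nor the upstream fix. The page does not name the affected parameter or sink, so the `next` parameter, the function names and the `edms.example` host are assumptions.

```javascript
// Added example with hypothetical names; not Mayan EDMS code.
// Assumption: a login page reads a post-login target from its own URL
// (query string or hash) under a parameter called "next".
const FALLBACK = "/";

// Read the hypothetical "next" parameter from the query string, then the hash.
function readNextParam(href) {
  const url = new URL(href);
  const fromQuery = url.searchParams.get("next");
  if (fromQuery !== null) return fromQuery;
  return new URLSearchParams(url.hash.replace(/^#/, "")).get("next");
}

// Return a same-origin path that is safe to hand to a navigation sink,
// or FALLBACK when the value is missing or points anywhere else.
function safeTarget(href) {
  const page = new URL(href);
  const raw = readNextParam(href);
  if (raw === null || raw === "") return FALLBACK;
  let resolved;
  try {
    // Resolve the way the browser would, so whitespace and tab
    // obfuscation is normalized before the checks below run.
    resolved = new URL(raw, page.origin + "/");
  } catch {
    return FALLBACK;
  }
  // Rejects javascript:, data: and every other non-web scheme.
  if (resolved.protocol !== "http:" && resolved.protocol !== "https:") return FALLBACK;
  // Rejects absolute, protocol-relative (//host) and backslash (/\host) forms.
  if (resolved.origin !== page.origin) return FALLBACK;
  return resolved.pathname + resolved.search + resolved.hash;
}

// Constructed sample URLs (edms.example is a placeholder host).
const SAMPLES = [
  "https://edms.example/authentication/?next=/documents/",
  "https://edms.example/authentication/#next=javascript:void(0)",
  "https://edms.example/authentication/?next=//other.example/",
];
for (const s of SAMPLES) console.log(s, "->", safeTarget(s));

// In a browser: window.location.assign(safeTarget(window.location.href));
```

A value carried in the hash is never sent to the server, so server-side filtering and access logs do not see it. A check like this has to run in the browser code that reads the URL.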