CVE-2026-40201

🗓️ 01 May 2026 08:36:39Reported by mitreType

Stored XSS exists in Markdown titles in diplodoc search extension 1.0.0 to 3.x before 3.0.3.

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2026-40201	1 May 202608:36	–	attackerkb
Circl	CVE-2026-40201	1 May 202610:50	–	circl
CNNVD	Diplodoc search extension 跨站脚本漏洞	1 May 202600:00	–	cnnvd
Cvelist	CVE-2026-40201	1 May 202608:36	–	cvelist
EUVD	EUVD-2026-26484	1 May 202608:36	–	euvd
Github Security Blog	@diplodoc/search-extension allows stored XSS via Markdown file title	1 May 202609:30	–	github
NVD	CVE-2026-40201	1 May 202609:16	–	nvd
OSV	GHSA-RJMP-RWJ4-MV82 @diplodoc/search-extension allows stored XSS via Markdown file title	1 May 202609:30	–	osv
Positive Technologies	PT-2026-36308	1 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-40201	5 May 202602:20	–	redhatcve

Vulners

Node

diplodoc-platform @diplodoc/search-extensionRange1.0.0–3.0.3

[
  {
    "collectionURL": "https://registry.npmjs.org",
    "defaultStatus": "unaffected",
    "packageName": "@diplodoc/search-extension",
    "packageURL": "pkg:npm/%40diplodoc/search-extension",
    "platforms": [
      "Windows"
    ],
    "product": "@diplodoc/search-extension",
    "programFiles": [
      "format.ts"
    ],
    "programRoutines": [
      {
        "name": "highlighte"
      }
    ],
    "repo": "https://github.com/diplodoc-platform/search-extension",
    "vendor": "diplodoc-platform",
    "versions": [
      {
        "lessThan": "3.0.3",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/diplodoc-platform/search-extension/releases/tag/v3.0.3
github	www.github.com/diplodoc-platform/search-extension/releases
github	www.github.com/eyelessgoddd/eyelessgoddd/blob/main/README.md
github	www.github.com/diplodoc-platform/search-extension/pull/41

05 May 2026 02:16Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.4

EPSS0.00012

SSVC

CWE-79