73 matches found
CVE-2026-34212
Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user to store a malicious javascript: URL inside an attachment node in page content. When another user vie...
CVE-2026-34212
CVE-2026-34212 affects Docmost before 0.71.0. The issue is improper neutralization of attachment URLs in page content, allowing a low-privileged authenticated user to store a malicious javascript: URL inside an attachment node. When another user views the page and activates the attachment link/ic...
CVE-2026-33193
Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...
CVE-2026-33193 Docmost vulnerable to stored XSS via MIME type spoofing
Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...
CVE-2026-33193
Docmost is an open-source collaborative wiki; versions prior to 0.70.0 are affected by a stored XSS due to improper MIME-type handling (GHSL-2026-052). The vulnerability allows an attacker to inject scripts, potentially compromising user data. A patch is available in version 0.70.0. The CVSS vect...
CVE-2026-33193 Docmost vulnerable to stored XSS via MIME type spoofing
Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...
CVE-2026-33146 Docmost's Public Share Search Exposes Metadata of Restricted Children
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
CVE-2026-33146
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
CVE-2026-33146
Docmost (open-source wiki/docs) contains an authorization bypass vulnerability affecting versions 0.70.0–0.70.2. Unauthenticated users can access restricted child page titles and text snippets via the public search endpoint POST /api/search/share-search, exposing content that should be hidden. Th...
PT-2026-32930
Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user to store a malicious javascript: URL inside an attachment node in page content. When another user vie...
Docmost Cross-Site Scripting Vulnerability
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.71.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of attachment URLs, which could allow low-privilege authenticated use...
Docmost Security Vulnerability
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost from 0.3.0 to 0.71.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could allow users with low privileges to override attachments ...
PT-2026-32931
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...
Docmost Cross-Site Scripting Vulnerability
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.70.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of MIME type deception, which could lead to storage-based cross-site...
PT-2026-32929
Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...
PT-2026-32928
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
Docmost Authorization Issue Vulnerability
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost from 0.70.0 to 0.70.2 have a vulnerability related to authorization issues. This vulnerability stems from an authorization bypass issue, allowing unauthorized users to enumerate and...
CVE-2026-24045
Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks...
CVE-2026-24045
Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks...
CVE-2026-24045 Docmost Affected by Stored XSS in Public Share Page
Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks...