Lucene search

73 matches found

ATTACKERKB
added 2026/04/14 9:42 p.m. | 5 views

CVE-2026-34212

Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user to store a malicious javascript: URL inside an attachment node in page content. When another user vie...

CVSS 5.4 | AI score 5.8 | EPSS 0.00197
Exploits: 3 | References: 2 | Affected Software: 1

CVE
added 2026/04/14 9:42 p.m. | 12 views

CVE-2026-34212

CVE-2026-34212 affects Docmost before 0.71.0. The issue is improper neutralization of attachment URLs in page content, allowing a low-privileged authenticated user to store a malicious javascript: URL inside an attachment node. When another user views the page and activates the attachment link/ic...

CVSS 5.4 | AI score 5.8 | EPSS 0.00197
Exploits: 3 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/04/14 9:39 p.m. | 3 views

CVE-2026-33193

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...

CVSS 4.6 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/04/14 9:39 p.m. | 20 views

CVE-2026-33193 Docmost vulnerable to stored XSS via MIME type spoofing

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...

CVSS 4.6 | EPSS 0.00187
Exploits: 0 | References: 1

CVE
added 2026/04/14 9:39 p.m. | 12 views

CVE-2026-33193

Docmost is an open-source collaborative wiki; versions prior to 0.70.0 are affected by a stored XSS due to improper MIME-type handling (GHSL-2026-052). The vulnerability allows an attacker to inject scripts, potentially compromising user data. A patch is available in version 0.70.0. The CVSS vect...

CVSS 4.6 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/04/14 9:39 p.m. | 6 views

CVE-2026-33193 Docmost vulnerable to stored XSS via MIME type spoofing

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...

CVSS 4.6 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/14 9:36 p.m. | 5 views

CVE-2026-33146 Docmost's Public Share Search Exposes Metadata of Restricted Children

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

CVSS 4.3 | AI score 5.8 | EPSS 0.00213
Exploits: 2 | References: 1

ATTACKERKB
added 2026/04/14 9:36 p.m. | 9 views

CVE-2026-33146

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

CVSS 4.3 | AI score 5.8 | EPSS 0.00213
Exploits: 2 | References: 2 | Affected Software: 1

CVE
added 2026/04/14 9:36 p.m. | 11 views

CVE-2026-33146

Docmost (open-source wiki/docs) contains an authorization bypass vulnerability affecting versions 0.70.0–0.70.2. Unauthenticated users can access restricted child page titles and text snippets via the public search endpoint POST /api/search/share-search, exposing content that should be hidden. Th...

CVSS 4.3 | AI score 5.8 | EPSS 0.00213
Exploits: 2 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/04/14 12:00 a.m. | 6 views

PT-2026-32930

Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user to store a malicious javascript: URL inside an attachment node in page content. When another user vie...

CVSS 5.4 | AI score 5.8 | EPSS 0.00197
Exploits: 3 | References: 4

CNNVD
added 2026/04/14 12:00 a.m. | 8 views

Docmost cross-site scripting vulnerability

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.71.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of attachment URLs, which could allow low-privilege authenticated use...

CVSS 5.4 | AI score 5.7 | EPSS 0.00197
Exploits: 3 | References: 2

CNNVD
added 2026/04/14 12:00 a.m. | 7 views

Docmost security vulnerability

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost from 0.3.0 to 0.71.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could allow users with low privileges to override attachments ...

CVSS 5.4 | AI score 5.8 | EPSS 0.0017
Exploits: 2 | References: 1

Positive Technologies
added 2026/04/14 12:00 a.m. | 8 views

PT-2026-32931

Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...

CVSS 5.4 | AI score 5.8 | EPSS 0.0017
Exploits: 2 | References: 4

CNNVD
added 2026/04/14 12:00 a.m. | 8 views

Docmost cross-site scripting vulnerability

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.70.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of MIME type deception, which could lead to storage-based cross-site...

CVSS 4.6 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/14 12:00 a.m. | 6 views

PT-2026-32929

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...

CVSS 4.6 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/14 12:00 a.m. | 5 views

PT-2026-32928

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

CVSS 4.3 | AI score 5.8 | EPSS 0.00213
Exploits: 2 | References: 4

CNNVD
added 2026/04/14 12:00 a.m. | 10 views

Docmost authorization issue vulnerability

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost from 0.70.0 to 0.70.2 have a vulnerability related to authorization issues. This vulnerability stems from an authorization bypass issue, allowing unauthorized users to enumerate and...

CVSS 4.3 | AI score 5.8 | EPSS 0.00213
Exploits: 2 | References: 1

RedhatCVE
added 2026/02/11 7:44 p.m. | 7 views

CVE-2026-24045

Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks...

CVSS 7.3 | AI score 6 | EPSS 0.00224
Exploits: 1 | References: 1

NVD
added 2026/02/10 6:16 p.m. | 8 views

CVE-2026-24045

Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks...

CVSS 7.3 | EPSS 0.00224
Exploits: 1 | References: 3

Cvelist
added 2026/02/10 4:56 p.m. | 27 views

CVE-2026-24045 Docmost Affected by Stored XSS in Public Share Page

Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks...

CVSS 7.3 | EPSS 0.00224
Exploits: 1 | References: 3