6 matches found
CVE-2026-33193 Docmost vulnerable to stored XSS via MIME type spoofing
Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...
CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering
Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...
CVE-2026-22249 Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip)
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there is no validation of the filename. This vulnerability ...
CVE-2025-55574
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...
Docmost Security Vulnerability
Docmost is an open collaboration wiki and documentation software from Docmost Open Source. A security vulnerability exists in Docmost 0.21.0 and earlier versions, which stems from vulnerability to cross-site scripting attacks that could lead to the execution of arbitrary code...
PT-2025-34672 · Docmost · Docmost
Name of the Vulnerable Software and Affected Versions: docmost versions prior to 0.21.0 Description: A Cross Site Scripting issue exists in docmost versions prior to 0.21.0, potentially allowing an attacker to execute arbitrary code. Recommendations: Update to a version newer than 0.21.0...