
73 matches found

OSV
added 2026/02/10 4:56 p.m. | 7 views

CVE-2026-24045 Docmost Affected by Stored XSS in Public Share Page

Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks, whe...

CVSS 7.3 | AI score 5.9 | EPSS 0.00224
Exploits: 1 | References: 5

CVE
added 2026/02/10 4:56 p.m. | 16 views

CVE-2026-24045

Docmost 0.25.0 fixes a stored XSS on the public share page where page titles are inserted into meta and title tags without proper HTML escaping. Affected: Docmost prior to 0.25.0. Severity: high (CVSS 3.1 base 7.3). Impact: arbitrary JavaScript execution in the context of any user who opens a sha...

CVSS 7.3 | AI score 6 | EPSS 0.00224
Exploits: 1 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/02/10 4:56 p.m. | 2 views

CVE-2026-24045

Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks...

CVSS 7.3 | AI score 6 | EPSS 0.00224
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/10 4:56 p.m. | 4 views

CVE-2026-24045 Docmost Affected by Stored XSS in Public Share Page

Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks...

CVSS 7.3 | AI score 6 | EPSS 0.00224
Exploits: 1 | References: 3

CNNVD
added 2026/02/10 12:00 a.m. | 8 views

Docmost security vulnerability

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.25.0 contained a security vulnerability caused by insufficient HTML escaping, potentially leading to stored XSS attacks...

CVSS 7.3 | AI score 5.8 | EPSS 0.00224
Exploits: 1 | References: 4

RedhatCVE
added 2026/01/22 11:24 p.m. | 6 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | AI score 5.8 | EPSS 0.00243
Exploits: 1 | References: 1

NVD
added 2026/01/21 11:15 p.m. | 5 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | EPSS 0.00243
Exploits: 1 | References: 3

CVE
added 2026/01/21 10:51 p.m. | 10 views

CVE-2026-23630

CVE-2026-23630 affects Docmost: versions 0.3.0–0.23.2 are vulnerable to stored XSS in Mermaid diagram rendering. Attacker-controlled Mermaid diagrams rendered via mermaid.render() are injected into the DOM with dangerouslySetInnerHTML, and per-diagram %%{init}%% directives can override securityLe...

CVSS 6.3 | AI score 5.8 | EPSS 0.00243
Exploits: 1 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/01/21 10:51 p.m. | 3 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | AI score 5.8 | EPSS 0.00243
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/01/21 10:51 p.m. | 4 views

CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | AI score 5.8 | EPSS 0.00243
Exploits: 1 | References: 3

OSV
added 2026/01/21 10:51 p.m. | 6 views

CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | AI score 5.9 | EPSS 0.00243
Exploits: 1 | References: 5

Cvelist
added 2026/01/21 10:51 p.m. | 18 views

CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | EPSS 0.00243
Exploits: 1 | References: 3

Positive Technologies
added 2026/01/21 12:00 a.m. | 6 views

PT-2026-3877

Name of the Vulnerable Software and Affected Versions: Docmost versions 0.3.0 through 0.23.2. Description: Docmost is collaborative wiki and documentation software. Versions 0.3.0 through 0.23.2 are susceptible to stored Cross-Site Scripting (XSS) due to improper sanitization when rendering Mermaid co...

CVSS 6.3 | AI score 5.8 | EPSS 0.00243
Exploits: 1 | References: 6

CNNVD
added 2026/01/21 12:00 a.m. | 7 views

Docmost security vulnerabilities

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost 0.23.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of sanitization during the rendering of Mermaid code blocks, which could lead to...

CVSS 6.3 | AI score 5.7 | EPSS 0.00243
Exploits: 1 | References: 4

RedhatCVE
added 2026/01/16 7:25 p.m. | 5 views

CVE-2026-22249

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there is no validation on filename. This vulnerability ...

CVSS 9.8 | AI score 6.9 | EPSS 0.00502
Exploits: 1 | References: 1

NVD
added 2026/01/15 7:16 p.m. | 5 views

CVE-2026-22249

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there is no validation on filename. This vulnerability ...

CVSS 9.8 | EPSS 0.00502
Exploits: 1 | References: 4

CVE
added 2026/01/15 6:43 p.m. | 11 views

CVE-2026-22249

CVE-2026-22249: Docmost is affected in versions from 0.21.0 to before 0.24.0. The vulnerability stems from an Arbitrary File Write via Zip Import (ZipSlip) in the import utility, where filename validation is missing in apps/server/src/integrations/import/utils/file.utils.ts. This can enable unauth...

CVSS 9.8 | AI score 6.5 | EPSS 0.00502
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/01/15 6:43 p.m. | 6 views

CVE-2026-22249 Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip)

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there is no validation on filename. This vulnerability ...

CVSS 7.1 | AI score 6.8 | EPSS 0.00502
Exploits: 1 | References: 6

Vulnrichment
added 2026/01/15 6:43 p.m. | 5 views

CVE-2026-22249 Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip)

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there is no validation on filename. This vulnerability ...

CVSS 7.1 | AI score 6.5 | EPSS 0.00502
Exploits: 1 | References: 4

EUVD
added 2026/01/15 6:43 p.m. | 4 views

EUVD-2026-2856

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there is no validation on filename. This vulnerability ...

CVSS 7.1 | AI score 6.4 | EPSS 0.00502
Exploits: 1 | References: 4