5 matches found
CVE-2026-34213
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...
CVE-2026-34213
Docmost (open-source wiki/docs) is affected from v0.3.0 up to v0.70.x. The vulnerability is an improper authorization flaw that allows a low-privileged authenticated user to overwrite another page’s attachment in the same workspace by supplying attachmentId to POST /api/files/upload. Impact is a ...
CVE-2026-33146
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
CVE-2026-33146 Docmost's Public Share Search Exposes Metadata of Restricted Children
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...
Docmost 跨站脚本漏洞
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.70.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of MIME type deception, which could lead to storage-based cross-site...