CVE-2026-33193 Docmost vulnerable to stored XSS via MIME type spoofing
Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...
CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering
Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...
CVE-2026-22249 Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip)
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via the Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there is no validation of the filename. This vulnerability ...
CVE-2025-55574
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...
PT-2025-34672 · Docmost · Docmost
Name of the Vulnerable Software and Affected Versions: docmost versions prior to 0.21.0 Description: A Cross Site Scripting issue exists in docmost versions prior to 0.21.0, potentially allowing an attacker to execute arbitrary code. Recommendations: Update to a version newer than 0.21.0...
Docmost Security Vulnerability
Docmost is an open collaboration wiki and documentation software from Docmost Open Source. A security vulnerability exists in Docmost 0.21.0 and earlier versions, which stems from vulnerability to cross-site scripting attacks that could lead to the execution of arbitrary code...