2 matches found
CVE-2026-34212 Docmost page content has stored XSS via unsanitized attachment URLs
Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user to store a malicious javascript: URL inside an attachment node in page content. When another user vie...
eml_parser 路径遍历漏洞
EMLParser is an open-source Python library for parsing email files developed by GOVCERT.LU. Versions of EMLParser prior to 2.0.1 contained a path traversal vulnerability. This vulnerability occurred because the sample scripts did not clean up the names of attachment files, allowing arbitrary file...