Diskover Security Vulnerabilities and Issues — Diskover CVE List

Lucene search

DiskoverdataDiskover

3 matches found

CVE•added 2025/08/27 4:15 p.m.•6 views

CVE-2025-50984

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ES_PASS, ES_MAXSIZE, ES_TRANSLOGSIZE, ES_TIMEOUT, ES_USER, ES_HOST, ES_PORT, ES_SCROLLSIZE, ES_CHUNKSIZE...

5.3CVSS7.1AI score0.00048EPSS

CVE•added 2025/08/27 3:15 p.m.•6 views

CVE-2025-50986

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting (XSS) vulnerabilities in its administrative settings interface. Various configuration fields such as ES_HOST, ES_INDEXREFRESH, ES_PORT, ES_SCROLLSIZE, ES_TRANSLOGSIZE, ES_TRANSLOGSYNCINT, EXCLUDES_FILES, FILE_TY...

5.6CVSS6.1AI score0.00051EPSS

CVE•added 2025/08/27 3:15 p.m.•5 views

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting (XSS) flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q (query), and doctype are directly echoed into the HTML response, allowing attackers to inject and ex...

5.6CVSS6.2AI score0.00051EPSS