CVE-2026-24045
- EPSS 0.03%
- Veröffentlicht 10.02.2026 16:56:37
- Zuletzt bearbeitet 25.02.2026 15:04:32
Docmost is open-source collaborative wiki and documentation software. From g and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allo...
CVE-2026-23630
- EPSS 0.04%
- Veröffentlicht 21.01.2026 22:51:27
- Zuletzt bearbeitet 17.02.2026 16:50:10
Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams usin...
CVE-2026-22249
- EPSS 0.03%
- Veröffentlicht 15.01.2026 18:43:56
- Zuletzt bearbeitet 22.01.2026 15:44:51
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there a...
CVE-2025-55574
- EPSS 0.03%
- Veröffentlicht 25.08.2025 00:00:00
- Zuletzt bearbeitet 15.09.2025 19:44:23
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code