Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

docmost — Vulnerabilities & Security Advisories 8

All 8 CVE vulnerabilities found in docmost, with AI-generated Chinese analysis, references, and POCs.

Vendor: docmost

CVE IDTitleCVSSSeverityPaused
CVE-2026-40927 Docmost: XSS in Comments with JavaScript URI CWE-79 5.4 Medium2026-04-21
CVE-2026-34213 Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation CWE-639 5.4 Medium2026-04-14
CVE-2026-34212 Docmost page content has stored XSS via unsanitized attachment URLs CWE-79 5.4 Medium2026-04-14
CVE-2026-33193 Docmost vulnerable to stored XSS via MIME type spoofing CWE-79 4.6 Medium2026-04-14
CVE-2026-33146 Docmost's Public Share Search Exposes Metadata of Restricted Children CWE-285 4.3 Medium2026-04-14
CVE-2026-24045 Docmost Affected by Stored XSS in Public Share Page CWE-79 7.3 High2026-02-10
CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering CWE-79 5.4AIMediumAI2026-01-21
CVE-2026-22249 Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip) CWE-22 7.1 High2026-01-15

All 8 known CVE vulnerabilities affecting docmost with full Chinese analysis, references, and POCs where available.