CVE-2026-22867

HIGH
2026-01-15 [email protected]
8.7
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:54 (vuln.today)
Patch Released: Mar 12, 2026 - 17:29 (nvd), patch available
CVE Published: Jan 15, 2026 - 17:16 (nvd), HIGH 8.7

Description

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacker with document editing privileges can inject a malicious javascript: URL that executes arbitrary code when other users click on the link. This vulnerability is fixed in 4.4.0.
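
The missing URL check described above, sketched as an added example; this is not LaSuite Doc's code or its 4.4.0 fix. The helper name `sanitizeInterlinkHref`, the `APP_ORIGIN` value and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example (hypothetical helper names; not LaSuite Doc's actual fix).
// APP_ORIGIN is a constructed placeholder for the deployment's own origin.
const APP_ORIGIN = 'https://docs.example.test';
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns a normalized href that is safe to store and render, or null.
// Parsing with the WHATWG URL parser (the one browsers use) means tabs,
// newlines and leading control characters are stripped before the scheme
// is read, so the check sees the same scheme the browser would.
function sanitizeInterlinkHref(rawHref, { sameOriginOnly = true } = {}) {
  if (typeof rawHref !== 'string' || rawHref.length === 0) return null;
  let url;
  try {
    url = new URL(rawHref, APP_ORIGIN); // relative links resolve against the app
  } catch {
    return null; // unparseable input is rejected, never passed through
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  if (sameOriginOnly && url.origin !== APP_ORIGIN) return null;
  return url.href;
}

// Constructed sample inputs, as a stored document might contain them.
const samples = [
  '/docs/1234/',
  'https://docs.example.test/docs/1234/',
  'javascript:alert(1)',
  'JaVaScRiPt:alert(1)',
  'java\tscript:alert(1)',
  ' \u0001javascript:alert(1)',
  'data:text/html,<b>x</b>',
  'https://other.example.test/docs/1234/',
];

function checkAll(inputs) {
  return inputs.map((href) => [href, sanitizeInterlinkHref(href)]);
}

for (const [href, result] of checkAll(samples)) {
  console.log(JSON.stringify(href), '->', result);
}
```

Apply the same check when rendering links already stored in documents, since content saved before an upgrade may still carry unvalidated URLs.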

Analysis

Stored XSS in LaSuite Doc versions 3.8.0 through 4.3.0 allows authenticated users with document editing privileges to inject malicious JavaScript URLs into the Interlinking feature, which execute when other users click the crafted links. This vulnerability affects the collaborative documentation platform's security model by enabling arbitrary code execution in victims' browsers. …

Remediation

Within 7 days: Identify all affected systems and apply vendor patches promptly. Verify anti-CSRF tokens and content security policies are enforced.

Priority Score

44
KEV: 0
EPSS: +0.0
CVSS: +44
POC: 0
