CVE-2026-33193

EUVD-2026-22752 MEDIUM

2026-04-14 [email protected]

XSS

4.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

patch_available

Apr 16, 2026 - 05:29 EUVD

0.70.0

Analysis Generated

Apr 14, 2026 - 22:43 vuln.today

DescriptionNVD

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially compromising the security of users and data. Version 0.70.0 contains a patch.

AnalysisAI

Stored cross-site scripting (XSS) in Docmost prior to version 0.70.0 allows authenticated attackers to inject malicious scripts through MIME type spoofing, potentially compromising user sessions and data integrity. The vulnerability requires user interaction (clicking a link or viewing injected content) and affects only the confidentiality and integrity of affected users' data, not availability. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-33193 vulnerability details – vuln.today

Back