Skip to main content

Diplodoc Search Extension

1 CVEs product

Monthly

CVE-2026-40201 npm MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in @diplodoc/search-extension versions 1.0.0 through 3.0.2 allows authenticated users to inject malicious scripts via the title field in Markdown files, which are then executed in the browsers of other users viewing the affected documentation. The vulnerability requires user interaction (rendered content must be viewed) and affects the confidentiality and integrity of affected systems. Vendor-released patch: version 3.0.3.

XSS Diplodoc Search Extension
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in @diplodoc/search-extension versions 1.0.0 through 3.0.2 allows authenticated users to inject malicious scripts via the title field in Markdown files, which are then executed in the browsers of other users viewing the affected documentation. The vulnerability requires user interaction (rendered content must be viewed) and affects the confidentiality and integrity of affected systems. Vendor-released patch: version 3.0.3.

XSS Diplodoc Search Extension
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy