Docmost
Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0.
Docmost versions 0.3.0 through 0.70.x allow authenticated users with low privileges to overwrite arbitrary attachments belonging to other users within the same workspace via improper authorization checks on the POST /api/files/upload endpoint. An attacker can supply a victim's attachmentId to modify or corrupt files without user interaction, compromising document integrity across the workspace. No public exploit code has been identified; patch version 0.71.0 is available.
Stored cross-site scripting (XSS) in Docmost prior to version 0.71.0 allows authenticated users to inject malicious `javascript:` URLs into attachment nodes, executing arbitrary JavaScript in the browser context of other users who activate those attachments. The attack requires low privileges and user interaction (clicking the attachment), and affects all users viewing compromised pages. The vulnerability has been patched in version 0.71.0.
Stored cross-site scripting (XSS) in Docmost prior to version 0.70.0 allows authenticated attackers to inject malicious scripts through MIME type spoofing, potentially compromising user sessions and data integrity. The vulnerability requires user interaction (clicking a link or viewing injected content) and affects only the confidentiality and integrity of affected users' data, not availability. Vendor-released patch: version 0.70.0.
Docmost versions 0.70.0 through 0.70.2 allow unauthenticated users to bypass authorization controls and enumerate restricted child page titles and text snippets via the public search endpoint, exposing confidential documentation content that should only be visible to authorized share viewers. This medium-severity confidentiality breach affects any Docmost instance with publicly shared workspaces and requires user interaction (clicking a link or accessing the search interface), but poses significant risk to organizations treating Docmost as a confidential knowledge base.
Stored XSS in Docmost before version 0.25.0 allows authenticated attackers to inject malicious scripts into public share page titles that execute when victims visit shared links, compromising user sessions and data. The vulnerability stems from improper HTML escaping of page titles in meta and title tags, and public exploit code is available. Upgrade to version 0.25.0 or later to remediate.
Stored XSS in Docmost 0.3.0 through 0.23.2 allows authenticated users to execute arbitrary JavaScript in the browsers of document viewers through malicious Mermaid diagram code blocks. The vulnerability exists because unsanitized SVG/HTML output from Mermaid rendering is directly injected into the DOM, and Mermaid's security controls can be disabled via diagram directives. Public exploit code exists for this vulnerability, which is fixed in version 0.24.0.
Docmost versions 0.21.0 through 0.23.x contain a path traversal vulnerability in the zip import feature that allows authenticated attackers to write arbitrary files to the system due to insufficient filename validation. Public exploit code exists for this vulnerability, which could enable attackers to overwrite critical application files or achieve code execution. The vulnerability is patched in version 0.24.0 and affects all installations using the vulnerable import functionality.
A cross-site scripting vulnerability in Docmost v0.21.0 and earlier allows an attacker to execute arbitrary code. Rated medium severity (CVSS 6.1), it is remotely exploitable with low attack complexity and requires no authentication. No vendor patch is available.