CNNVD-202601-3333 Information

CNNVD ID

CNNVD-202601-3333

CVE-2026-23630

  • CNNVD Published: 2026-01-21

Description

Docmost is an open-source collaborative wiki and documentation software from Docmost. Docmost 0.23.2 and earlier versions contain a security vulnerability that stems from Mermaid code block rendering not being sanitized, which may lead to stored cross-site scripting (XSS) attacks.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Docmost

Published

2026-01-21

Last Modified

2026-02-24

References

https://github.com/docmost/docmost/commit/cb9f27da9a8b4940760e37e5238a1eb91e427daf
https://github.com/docmost/docmost/releases/tag/v0.24.0
https://github.com/docmost/docmost/security/advisories/GHSA-r4hj-mc62-jmwj
https://access.redhat.com/security/cve/cve-2026-23630

Patch

https://github.com/docmost/docmost/releases
