CVE-2026-33193

MEDIUM NVD

CVSS Score 4.6

Severity MEDIUM

Published Apr 14, 2026

Vendor unknown

Description

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially compromising the security of users and data. Version 0.70.0 contains a patch.

References

https://github.com/docmost/docmost/security/advisories/GHSA-7cq4-577p-wp6p