Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before ins
Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofi
Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on t
Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user to s
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/sr
Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets thr
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated use
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code
Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend ca
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting (XSS).
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements.
Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting (XSS).The issue has been remediated on the `master`
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RefreshSpecial Extension allows Cross-Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - LastModified Extension allows Stored XSS.This issue af
A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payl
LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user crea
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - GoogleDocs4MW Extension allows Cross-Site Scripting (XSS).
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting (XSS).T
Page 1+ Next →