Vulnerability Details CVE-2026-24045
Docmost is open-source collaborative wiki and documentation software. From g and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks, where an attacker can execute arbitrary JavaScript in the context of any user who opens a shared page link. This vulnerability is fixed in 0.25.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.8%
CVSS Severity
CVSS v3 Score 7.3
References
Products affected by CVE-2026-24045
-
cpe:2.3:a:docmost:docmost:0.20.0
-
cpe:2.3:a:docmost:docmost:0.20.1
-
cpe:2.3:a:docmost:docmost:0.20.2
-
cpe:2.3:a:docmost:docmost:0.20.3
-
cpe:2.3:a:docmost:docmost:0.20.4
-
cpe:2.3:a:docmost:docmost:0.21.0
-
cpe:2.3:a:docmost:docmost:0.22.0
-
cpe:2.3:a:docmost:docmost:0.22.1
-
cpe:2.3:a:docmost:docmost:0.22.2
-
cpe:2.3:a:docmost:docmost:0.23.0
-
cpe:2.3:a:docmost:docmost:0.23.1