{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33193", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T22:16:36.721Z", "datePublished": "2026-04-14T21:39:45.500Z", "dateUpdated": "2026-04-16T13:51:42.724Z"}, "containers": {"cna": {"title": "Docmost vulnerable to stored XSS via MIME type spoofing", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/docmost/docmost/security/advisories/GHSA-7cq4-577p-wp6p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/docmost/docmost/security/advisories/GHSA-7cq4-577p-wp6p"}], "affected": [{"vendor": "docmost", "product": "docmost", "versions": [{"version": "< 0.70.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-14T21:39:45.500Z"}, "descriptions": [{"lang": "en", "value": "Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially compromising the security of users and data. Version 0.70.0 contains a patch."}], "source": {"advisory": "GHSA-7cq4-577p-wp6p", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T13:51:25.793213Z", "id": "CVE-2026-33193", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:51:42.724Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33193", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T13:51:25.793213Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:51:34.684Z"}}], "cna": {"title": "Docmost vulnerable to stored XSS via MIME type spoofing", "source": {"advisory": "GHSA-7cq4-577p-wp6p", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "docmost", "product": "docmost", "versions": [{"status": "affected", "version": "< 0.70.0"}]}], "references": [{"url": "https://github.com/docmost/docmost/security/advisories/GHSA-7cq4-577p-wp6p", "name": "https://github.com/docmost/docmost/security/advisories/GHSA-7cq4-577p-wp6p", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially compromising the security of users and data. Version 0.70.0 contains a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-14T21:39:45.500Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33193", "state": "PUBLISHED", "dateUpdated": "2026-04-16T13:51:42.724Z", "dateReserved": "2026-03-17T22:16:36.721Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-14T21:39:45.500Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docmost:docmost:*:*:*:*:*:*:*:*", "matchCriteriaId": "A06B1F8A-400A-4DFC-98D5-ABAED75EDB69", "versionEndExcluding": "0.70.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially compromising the security of users and data. Version 0.70.0 contains a patch."}], "id": "CVE-2026-33193", "lastModified": "2026-04-23T14:17:27.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-14T22:16:30.867", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/docmost/docmost/security/advisories/GHSA-7cq4-577p-wp6p"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.70.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "docmost", "source": "cna", "vendor": "docmost"}, "product": "docmost", "vendor": "docmost"}], "analysis": {"en": {"generated_at": "2026-04-14T23:26:28.045547+00:00", "value": {"mitigation_remediation": ["Upgrade to Docmost 0.70.0 or later. ", "If an immediate upgrade is not feasible, disable or tightly restrict public uploads and enforce strict MIME type validation to prevent spoofing. ", "Conduct a web application security scan to locate any injected scripts and remove them."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "Docmost 0.69.x and earlier versions of the open\u2011source wiki and documentation platform. The fix is included in version 0.70.0. Users running older releases are vulnerable.", "description_and_impact": "The vulnerability is a stored cross\u2011site scripting flaw caused by Docmost\u2019s improper handling of MIME type spoofing. An attacker can inject malicious JavaScript into the system, which will execute in the browsers of users who view the affected content. This could lead to theft of session cookies, execution of unauthorized actions, and wider compromise of the collaborative environment.", "risk_and_exploitability": "The CVSS score of 4.6 indicates a moderate risk, and the lack of an EPSS score or KEV listing means that exploitation is not known to be actively leveraged. The likely attack path involves an attacker with the ability to add or modify content, possibly through unauthenticated uploads, triggering the MIME type spoofing that stores malicious scripts. Once stored, the scripts run whenever other users view the content."}}}}, "created": "2026-04-15T13:48:23.622462+00:00", "updated": "2026-04-15T14:31:57.032454+00:00", "vendors": ["docmost", "docmost$PRODUCT$docmost"]}