Docmost Stored Cross-Site Scripting Vulnerability in Mermaid Code Block Rendering
Vulnerability
A stored Cross-Site Scripting (XSS) vulnerability has been identified in Docmost versions 0.3.0 prior to 0.23.2. The issue lies in the rendering of Mermaid diagrams: attacker-controlled Mermaid block content is processed and inserted into the DOM without sanitization, so arbitrary HTML and JavaScript supplied in the block execute in the browser of any user who views the page.
Impact
Because the payload is persisted in page content, the injected JavaScript runs in the browser of every user who later views the affected page, with that user's session and permissions. This can lead to account takeover, exfiltration of page data, or phishing through the application's own user interface.
Reproduction
To reproduce this vulnerability on a vulnerable Docmost version, insert a Mermaid code block containing an HTML payload, such as an <img> tag with an 'onerror' event handler, into a page. Save the page and open it: the payload executes on view, with no further interaction from the victim.
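The following is an added illustration of the rendering pattern the advisory describes, not Docmost's own code: the function names, the page content and the payload are all constructed assumptions. It shows the unsafe path (raw Mermaid source interpolated into HTML that ends up in innerHTML) beside the hardened path (the same text HTML-escaped first), and adds a small hunting helper an administrator can run over stored page markdown to find Mermaid blocks that carry markup or inline event handlers.

```javascript
// Added example, not code from Docmost. All names below are assumptions.

// Constructed payload of the kind described in the advisory.
const PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

// Constructed page content: the payload is persisted inside a Mermaid block.
const STORED_PAGE = [
  '# Architecture notes',
  '',
  '```mermaid',
  'graph TD',
  '  A[Client] --> B[API]',
  '  B --> C[' + PAYLOAD + ']',
  '```',
  '',
  'Trailing text.',
].join('\n');

// Return the bodies of all ```mermaid fences in a markdown document.
function extractMermaidBlocks(markdown) {
  const re = /```mermaid[^\n]*\n([\s\S]*?)```/g;
  const blocks = [];
  let m;
  while ((m = re.exec(markdown)) !== null) blocks.push(m[1]);
  return blocks;
}

// Minimal HTML escaping for text that must render as text, not as markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Unsafe pattern (hypothetical): the raw block text is concatenated into an
// HTML string that the caller later assigns to innerHTML. The attacker's
// <img> tag survives intact, so the browser creates the element and fires
// its onerror handler.
function renderUnsafe(source) {
  return '<pre class="mermaid-source">' + source + '</pre>';
}

// Hardened pattern: the same text is escaped first, so the browser shows the
// literal characters "<img ...>" instead of creating an element.
function renderHardened(source) {
  return '<pre class="mermaid-source">' + escapeHtml(source) + '</pre>';
}

// Hunting helper for operators: flag stored Mermaid blocks that contain an
// HTML tag, an inline event-handler attribute, or a javascript: URL. A
// legitimate diagram rarely needs any of these.
const SUSPICIOUS = /<\s*[a-z]|\bon[a-z]+\s*=|javascript:/i;
function findSuspiciousMermaidBlocks(markdown) {
  return extractMermaidBlocks(markdown).filter((body) => SUSPICIOUS.test(body));
}

// Stand-alone usage: compare both renderings and scan the constructed page.
console.log('unsafe  :', renderUnsafe(PAYLOAD));
console.log('hardened:', renderHardened(PAYLOAD));
console.log('flagged blocks:', findSuspiciousMermaidBlocks(STORED_PAGE).length);
```

Escaping at the point of insertion is the generic fix for this class of bug; where the application hands the block to the Mermaid library itself, keep Mermaid's `securityLevel` at its default of `'strict'`, which encodes HTML in node labels, rather than `'loose'`, which lets it through. The hunting helper is deliberately broad (it will also flag a harmless label such as `A[<b>Bold</b>]`), so treat a hit as something to review, not as proof of exploitation.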
Remediation
Users are advised to upgrade to Docmost version 0.24.0 or later, which contains the fix. Administrators who cannot upgrade immediately should review existing pages for Mermaid blocks containing HTML tags or event-handler attributes, since the payload is persisted in page content and fires each time the page is viewed.
