Docmost Stored Cross-Site Scripting Vulnerability in Public Share Page Feature
Vulnerability
A stored cross-site scripting vulnerability has been identified in Docmost versions 0.20.0 prior to 0.25.0. The issue arises in the public share page functionality, where page titles are not properly HTML-escaped before being inserted into meta tags and the title tag. This flaw allows attackers to execute arbitrary JavaScript in the context of users who open a shared page link.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected JavaScript is executed in the context of the user viewing the shared page.
Reproduction
To reproduce this vulnerability, create a new page with a title that includes a script tag, such as a JavaScript alert script. After saving the page, enable the 'Share to web' option and copy the share URL. When this URL is opened in a browser, the JavaScript alert will execute, demonstrating the cross-site scripting vulnerability.
Remediation
Users can upgrade to Docmost version 0.25.0 to address this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.