CVE-2026-40927

· NIST NVD ↗

Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0.

MEDIUM
CVSS severity
5.4
CVSS base score
2026-04-21
Published

CWE codes

CWE-79

Affected products

docmost:docmost

Sources