CVE Catalog

CVE-2026-38935

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile - higher than 9% of all known CVEs

Summary

A reflected cross-site scripting (XSS) vulnerability exists in diskover-community version 2.3.5 and earlier. An attacker can inject malicious JavaScript code via the doctype parameter in public/view.php.

Risk Assessment

The risk involves arbitrary script execution in the victim's browser, potentially leading to session theft, account takeover, or sensitive data leakage.

Recommendation

Immediately upgrade diskover-community to a version later than 2.3.5 that includes a fix for the XSS vulnerability.

Original NVD description (English source)

A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter

Vulnerability data from NVD (NIST) · CISA KEV · EPSS