CVE Catalog
CVE-2026-38936
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk0.19%
9th percentile - higher than 9% of all known CVEs
Summary
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter.
Risk Assessment
An attacker can inject malicious JavaScript code that executes in the victim's browser, potentially leading to session theft, account takeover, or data leakage.
Recommendation
Immediately upgrade diskover-community to a version newer than 2.3.5 that includes the fix. Until then, validate and sanitize input for the namecontains parameter.
Original NVD description (English source)
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter

