CVE Catalog
CVE-2026-38935
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk0.19%
9th percentile - higher than 9% of all known CVEs
Summary
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community version 2.3.5 and earlier. An attacker can inject malicious JavaScript code via the doctype parameter in public/view.php.
Risk Assessment
The risk involves arbitrary script execution in the victim's browser, potentially leading to session theft, account takeover, or sensitive data leakage.
Recommendation
Immediately upgrade diskover-community to a version later than 2.3.5 that includes a fix for the XSS vulnerability.
Original NVD description (English source)
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter

