CVE Catalog

CVE-2026-38936

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile - higher than 9% of all known CVEs

Summary

A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter.

Risk Assessment

An attacker can inject malicious JavaScript code that executes in the victim's browser, potentially leading to session theft, account takeover, or data leakage.

Recommendation

Immediately upgrade diskover-community to a version newer than 2.3.5 that includes the fix. Until then, validate and sanitize input for the namecontains parameter.

Original NVD description (English source)

A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter

Vulnerability data from NVD (NIST) · CISA KEV · EPSS