B4Sh2

**Name of the Vulnerable Software and Affected Versions** Docmost versions prior to 0.70.0 **Description** Docmost is open-source collaborative wiki and documentation software. The software is subject to a stored cross-site scripting (XSS) attack, which occurs when an application includes untrusted data in a web page without proper validation, allowing a malicious script to be permanently stored on the server. This issue is caused by improper handling of MIME type spoofing, where an attacker can misrepresent the file type of an uploaded file to trick the browser into executing it as a script. **Recommendations** Update to version 0.70.0.