CVE-2026-38935

Name of the Vulnerable Software and Affected Versions diskover-community versions 2.3.5 and earlier

Description A reflected cross-site scripting (XSS) issue exists in the 'public/view.php' endpoint via the doctype parameter. Reflected XSS occurs when an application includes untrusted data in a web page without proper validation or encoding, allowing an attacker to execute malicious scripts in the victim's browser.

Recommendations Update to a version later than 2.3.5. As a temporary workaround, restrict or sanitize the input passed to the doctype parameter in the 'public/view.php' endpoint.