CVE-2026-38936

A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter
Configurations

No configuration.

History

05 Jul 2026, 17:17

Type Values Removed Values Added
References
  • {'url': 'http://diskoverdata.com', 'source': 'cve@mitre.org'}

05 Jul 2026, 02:17

Type Values Removed Values Added
References
  • {'url': 'http://diskover-community.com', 'source': 'cve@mitre.org'}

27 Apr 2026, 18:16

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
References () https://github.com/VadlaReddySai/diskoverdata-cve-writeups/blob/main/CVE-2026-38936 - () https://github.com/VadlaReddySai/diskoverdata-cve-writeups/blob/main/CVE-2026-38936 -

27 Apr 2026, 17:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-04-27 17:16

Updated : 2026-07-05 17:17


NVD link : CVE-2026-38936

Mitre link : CVE-2026-38936

CVE.ORG link : CVE-2026-38936


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')