VadlaReddySai/diskoverdata-cve-writeups

Releases0

Multiple CVEs (CVE-2026-38934, CVE-2026-38935, CVE-2026-38936) discovered in diskover-community including CSRF and XSS vulnerabilities with proof-of-concept and impact analysis.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-38934 ↗	Apr 27, 2026Monday, 27 April 2026, 17:16	8.8 HIGH	—
Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings_process.php
CVE-2026-38935 ↗	Apr 27, 2026Monday, 27 April 2026, 17:16	6.1 MEDIUM	—
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter
CVE-2026-38936 ↗	Apr 27, 2026Monday, 27 April 2026, 17:16	6.1 MEDIUM	—
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter