Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-22867

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacker with document editing privileges can inject a malicious javascript: URL that executes arbitrary code when other users click on the link. This vulnerability is fixed in 4.4.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.2%
CVSS Severity
CVSS v3 Score 8.7
Products affected by CVE-2026-22867
  • Lasuite » Docs » Version: 3.10.0
    cpe:2.3:a:lasuite:docs:3.10.0
  • Lasuite » Docs » Version: 3.8.0
    cpe:2.3:a:lasuite:docs:3.8.0
  • Lasuite » Docs » Version: 3.8.1
    cpe:2.3:a:lasuite:docs:3.8.1
  • Lasuite » Docs » Version: 3.8.2
    cpe:2.3:a:lasuite:docs:3.8.2
  • Lasuite » Docs » Version: 3.8.21
    cpe:2.3:a:lasuite:docs:3.8.21
  • Lasuite » Docs » Version: 3.9.0
    cpe:2.3:a:lasuite:docs:3.9.0
  • Lasuite » Docs » Version: 4.0.0
    cpe:2.3:a:lasuite:docs:4.0.0
  • Lasuite » Docs » Version: 4.1.0
    cpe:2.3:a:lasuite:docs:4.1.0
  • Lasuite » Docs » Version: 4.2.0
    cpe:2.3:a:lasuite:docs:4.2.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved