CVE-2026-22867
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-03-12
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lasuite | docs | From 3.8.0 (inc) to 4.3.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22867 is a Stored Cross-Site Scripting (XSS) vulnerability in the Interlinking feature of the LaSuite Doc platform versions 3.8.0 to 4.3.0. It occurs because the URL used in document interlinking is not validated or sanitized. An attacker with document editing privileges can inject a malicious javascript: URL into a link. When other users click this link, the malicious JavaScript code executes in their browsers, potentially compromising their security. The vulnerability was fixed in version 4.4.0 by validating inputs, removing unsafe URL handling, and sanitizing props in the frontend component responsible for interlinking. [1, 3]
How can this vulnerability impact me? :
This vulnerability can lead to execution of arbitrary JavaScript code in the browsers of users who click on malicious interlinked document links. This can compromise confidentiality and integrity by allowing attackers to steal sensitive information or manipulate data. Additionally, the vulnerability enables a self-propagating worm attack, where the malicious script can replicate itself by copying to all documents the victim can edit, spreading the attack to other users without further interaction. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying documents containing malicious javascript: URLs in the Interlinking feature. Since the vulnerability arises from unvalidated URLs in document links, you can search for documents or database entries containing 'javascript:' URLs within the interlinking blocks. For example, if you have access to the document storage or database, you can run queries to find links starting with 'javascript:'. Additionally, monitoring user edits for insertion of suspicious URLs or enabling logging on document edits to detect such patterns can help. Specific commands depend on your environment, but a generic example using grep on exported document data or database dumps could be: grep -r 'javascript:' /path/to/documents or SQL queries like SELECT * FROM documents WHERE content LIKE '%javascript:%'; Note that no specific detection commands are provided in the resources. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the suitenumerique/docs platform to version 4.4.0 or later, where the vulnerability is fixed by validating document IDs, removing unsafe URL props, and sanitizing inputs in the Interlinking feature. Until the upgrade, restrict document editing privileges to trusted users only, as the vulnerability requires document editing rights to exploit. Additionally, educate users to avoid clicking suspicious interlinking document links. Monitoring and logging document edits for malicious URL insertions can also help mitigate risk. Applying the official patch or update is the most effective mitigation. [1, 2, 3]