Description

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacker with document editing privileges can inject a malicious javascript: URL that executes arbitrary code when other users click on the link. This vulnerability is fixed in 4.4.0.

INFO

Published Date :

2026-01-15T16:31:34.397Z

Last Modified :

2026-01-15T16:46:57.161Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22867 vulnerability.

Vendors Products
Lasuite
  • Docs
Suitenumerique
  • Docs
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22867.

URL Resource
https://github.com/suitenumerique/docs/commit/e807237dbedbc189230296b81c3aeccc1c04fa77 cve-icon cve-icon
https://github.com/suitenumerique/docs/releases/tag/v4.4.0 cve-icon cve-icon
https://github.com/suitenumerique/docs/security/advisories/GHSA-4rwv-ghwh-9rv6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact