Security readout for executives and security teams
Plain-English summary
CVE-2026-38935 is a medium-severity reflected cross-site scripting issue in diskover-community versions up to 2.3.5. An attacker could craft a link that causes JavaScript to run in a user’s browser if the user clicks it. Business impact is mainly session, data exposure, or user-action risk in environments where diskover is accessible.
Executive priority
Treat as a near-term remediation item, especially if diskover is internet-accessible or used by privileged staff. It is not currently supported by the provided sources as actively exploited, but XSS can still enable account misuse and data exposure when users click malicious links.
Technical view
The CVE describes CWE-79 reflected XSS in diskover-community <= 2.3.5, in public/view.php through the doctype parameter. CVSS 3.1 is 6.1 with network attack vector, low complexity, no privileges required, user interaction required, changed scope, and low confidentiality and integrity impact. No availability impact is indicated.
Likely exposure
Exposure is most relevant where diskover-community web interfaces are reachable by users or the internet. The affected version statement is <= 2.3.5, but the CVE affected-product metadata is incomplete, so teams should confirm deployments and versions from their own inventory.
Exploitation context
The CVE requires user interaction, consistent with reflected XSS. The provided data does not show CISA KEV listing or active exploitation. A public GitHub reference is listed, but the source bundle does not establish exploitation in the wild.
Researcher notes
The record has limited affected-product metadata despite naming diskover-community <= 2.3.5 in the title and description. Validate against deployed software rather than relying on CPEs. Avoid assuming a patch exists; the provided sources do not name one.
Mitigation direction
Check vendor or project guidance for a fixed version or official mitigation.
Identify diskover-community deployments and prioritize versions <= 2.3.5 for review.
Restrict access to diskover web interfaces where business operations allow.
Educate users not to open untrusted links to internal tools.
Monitor web logs for suspicious requests to public/view.php using doctype.
Validation and detection
Inventory diskover-community instances and record running versions.
Confirm whether public/view.php is present and reachable.
Review whether instances are <= 2.3.5.
Check application logs for unusual doctype parameter activity.
Track CVE and project references for patch or advisory updates.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-79: User-session and phishing behavior lookup
Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-79 · source CWE mapping
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.