A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameterReferenceshttps://github.com/VadlaReddySai/diskoverdata-cve-writeups/blob/main/CVE-2026-38935