A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameterReferenceshttps://github.com/VadlaReddySai/diskoverdata-cve-writeups/blob/main/CVE-2026-38936