Описание
Cross-site Scripting in ShowDoc
ShowDoc is vulnerable to stored cross-site scripting due to unrestricted file upload in versions 2.10.3 and prior. A patch is available and anticipated to be part of version 2.10.4.
Пакеты
Наименование
showdoc/showdoc
composer
Затронутые версииВерсия исправления
<= 2.10.3
2.10.4
Связанные уязвимости
CVSS3: 5.4
nvd
почти 4 года назад
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.