Описание
Cross-site Scripting in ShowDoc
ShowDoc prior to 2.10.4 is vulnerable to stored cross-site scripting via uploading files with files in .xsd, .asa, and .aspx formats.
Пакеты
Наименование
showdoc/showdoc
composer
Затронутые версииВерсия исправления
< 2.10.4
2.10.4
Связанные уязвимости
CVSS3: 5.4
nvd
почти 4 года назад
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.