Описание
Cross-site Scripting in showdoc/showdoc
ShowDoc is a tool greatly applicable for an IT team to share documents online. showdoc/showdoc allows .properties files to upload which lead to stored XSS in versions prior to 2.10.4. This allows attackers to execute malicious scripts in the user's browser. This issue was patched in version 2.10.4. There is currently no known workaround.
Пакеты
Наименование
showdoc/showdoc
composer
Затронутые версииВерсия исправления
< 2.10.4
2.10.4
Связанные уязвимости
CVSS3: 5.4
nvd
почти 4 года назад
Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.