CVE-2022-0938
Published 2022-03-14
CVE-2022-0938: Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.
Priority: P4 (26, medium)
CVSS 3.1: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
EPSS: 0.63% (45.7th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| showdoc | showdoc | <= 2.10.3 | — |
| showdoc | showdoc | >= 0 < 2.10.4 | 2.10.4 |
| star7th | star7th_showdoc | >= unspecified < v2.10.4 | v2.10.4 |
CVSS provenance
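| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 7.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| cisa | | 7.8 | HIGH | |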
OSV
Cross-site Scripting in ShowDoc
osv·2022-03-15
CVE-2022-0938 [MEDIUM] Cross-site Scripting in ShowDoc
ShowDoc is vulnerable to stored cross-site scripting through file upload in versions 2.10.3 and prior. A patch is available and anticipated to be part of version 2.10.4.
GHSA
Cross-site Scripting in ShowDoc
ghsa·2022-03-15
CVE-2022-0938 [MEDIUM] CWE-79 Cross-site Scripting in ShowDoc
ShowDoc is vulnerable to stored cross-site scripting through file upload in versions 2.10.3 and prior. A patch is available and anticipated to be part of version 2.10.4.
CISA
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
cisa·2021-11-03·CVSS 7.8
CVE-2020-0938 [HIGH] CWE-787 Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Vulnerability: Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Affected: Microsoft Windows
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-0938
Remediation Due Date: 2022-05-03
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.