CVE-2022-0967
Published 2022-03-15
CVE-2022-0967: Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.
Priority P3 (35), medium, 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 3.27% (86.9th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| showdoc | showdoc | < 2.10.4 | 2.10.4 |
| showdoc | showdoc | >= 0 < 2.10.4 | 2.10.4 |
| star7th | star7th_showdoc | >= unspecified < 2.10.4 | 2.10.4 |
CVSS provenance
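| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 6.9 | MEDIUM | CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |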
OSV
Stored Cross-site Scripting in showdoc
osv·2022-03-16
CVE-2022-0967 [MEDIUM] Stored Cross-site Scripting in showdoc
ShowDoc is a tool for an IT team to share documents online. showdoc contains a stored cross-site scripting vulnerability in the File Library page when uploading a file in .ofd format in versions prior to 2.10.4. At this time, there is no known workaround. Users should update to version 2.10.4.
GHSA
Stored Cross-site Scripting in showdoc
ghsa·2022-03-16
CVE-2022-0967 [MEDIUM] CWE-79 Stored Cross-site Scripting in showdoc
ShowDoc is a tool for an IT team to share documents online. showdoc contains a stored cross-site scripting vulnerability in the File Library page when uploading a file in .ofd format in versions prior to 2.10.4. At this time, there is no known workaround. Users should update to version 2.10.4.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html
https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8
https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a
Published: 2022-03-15