CVE-2022-0946

MEDIUM5.4EPSS 0.32%

Cross-site Scripting in ShowDoc

Published: 3/15/2022Modified: 11/8/2023

Description

ShowDoc is vulnerable to stored cross-site scripting via viva cshtm file upload in in versions 2.10.3 and prior. A patch is available and anticipated to be part of version 2.10.4.

Affected packages (1)

Packagist/showdoc/showdocfrom 0, < 2.10.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0946
PATCHhttps://github.com/star7th/showdoc
WEBhttps://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a
WEBhttps://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1