CVE-2022-0950

Description

The upload feature of ShowDoc prior to version 2.10.4 allows files with the extension `.*html`, which leads to stored cross-site scripting.

Affected packages (1)

• Packagist/showdoc/showdocfrom 0, < 2.10.4

CVSS scores

References (4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0950
• PATCHhttps://github.com/star7th/showdoc
• WEBhttps://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3
• WEBhttps://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc