CVE-2022-0960

CRITICAL9.0EPSS 0.39%

Cross-site Scripting in showdoc/showdoc

Published: 3/15/2022Modified: 11/8/2023

Description

ShowDoc is a tool greatly applicable for an IT team to share documents online. showdoc/showdoc allows .properties files to upload which lead to stored XSS in versions prior to 2.10.4. This allows attackers to execute malicious scripts in the user's browser. This issue was patched in version 2.10.4. There is currently no known workaround.

Affected packages (1)

Packagist/showdoc/showdocfrom 0, < 2.10.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.0	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0960
PATCHhttps://github.com/star7th/showdoc
WEBhttps://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f
WEBhttps://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e