CVE-2022-0960
CRITICAL9.0EPSS 0.39%Cross-site Scripting in showdoc/showdoc
發布日:2022/3/15修改日:2023/11/8
描述
ShowDoc is a tool greatly applicable for an IT team to share documents online. showdoc/showdoc allows .properties files to upload which lead to stored XSS in versions prior to 2.10.4. This allows attackers to execute malicious scripts in the user's browser. This issue was patched in version 2.10.4. There is currently no known workaround.
受影響套件(1)
- Packagist/showdoc/showdocfrom 0, < 2.10.4
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.0 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |