CVE-2022-0962

Published: Mar 14, 2022Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.

Affected (1)

Products: Showdoc: Showdoc

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Showdoc Showdoc	Before 2.10.4

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908

Source: security@huntr.dev

ExploitThird Party Advisory

https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.