showdoc is an open source tool ideal for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability, which stems from the lack of valid detection of .aspx file extensions in the application’s file upload feature. An attacker could exploit this vulnerability to upload malicious files and execute malicious scripts in the user’s ? browser to execute malicious scripts, steal user cookies, etc.
CPE | Name | Operator | Version |
---|---|---|---|
showdoc showdoc | lt | 2.10.4 |