4 matches found
Stored XSS via upload file
Description In document feature, you can upload a file .ofd which can have xss Proof of Concept // xss.ofd alert1 Step 1: Go to Support - Documents Step 2: Click Create Documents Step 3: At the Download type, choose Internal. Upload file xss.ofd above. Step 4: Go to that file link, such as:...
GHSA-3PG8-C473-W6RR Stored Cross-site Scripting in showdoc
ShowDoc is a tool for an IT team to share documents online. showdoc contains a stored cross-site scripting vulnerability in the File Library page when uploading a file in .ofd format in versions prior to 2.10.4. At this time, there is no known workaround. Users should update to version 2.10.4...
Stored Cross-site Scripting in showdoc
ShowDoc is a tool for an IT team to share documents online. showdoc contains a stored cross-site scripting vulnerability in the File Library page when uploading a file in .ofd format in versions prior to 2.10.4. At this time, there is no known workaround. Users should update to version 2.10.4...
Stored XSS via File Upload in star7th/showdoc in star7th/showdoc
Description Stored XSS via uploading file in .ofd format. Proof of Concept filename="test.ofd" alert1 Steps to Reproduce 1. Login into showdoc.com.cn. 2. Navigate to file library https://www.showdoc.com.cn/attachment/index 3. In the File Library page, click the Upload button and choose the test.o...