Lucene search
K

4 matches found

Huntr
Huntr
added 2022/03/23 2:33 a.m.9 views

Stored XSS via upload file

Description In document feature, you can upload a file .ofd which can have xss Proof of Concept // xss.ofd alert1 Step 1: Go to Support - Documents Step 2: Click Create Documents Step 3: At the Download type, choose Internal. Upload file xss.ofd above. Step 4: Go to that file link, such as:...

7AI score
Exploits0
OSV
OSV
added 2022/03/16 12:0 a.m.17 views

GHSA-3PG8-C473-W6RR Stored Cross-site Scripting in showdoc

ShowDoc is a tool for an IT team to share documents online. showdoc contains a stored cross-site scripting vulnerability in the File Library page when uploading a file in .ofd format in versions prior to 2.10.4. At this time, there is no known workaround. Users should update to version 2.10.4...

6.9CVSS5AI score0.03274EPSS
Exploits4References4
Github Security Blog
Github Security Blog
added 2022/03/16 12:0 a.m.19 views

Stored Cross-site Scripting in showdoc

ShowDoc is a tool for an IT team to share documents online. showdoc contains a stored cross-site scripting vulnerability in the File Library page when uploading a file in .ofd format in versions prior to 2.10.4. At this time, there is no known workaround. Users should update to version 2.10.4...

6.9CVSS1.8AI score0.03274EPSS
Exploits4References4Affected Software1
Huntr
Huntr
added 2022/03/14 2:39 p.m.29 views

Stored XSS via File Upload in star7th/showdoc in star7th/showdoc

Description Stored XSS via uploading file in .ofd format. Proof of Concept filename="test.ofd" alert1 Steps to Reproduce 1. Login into showdoc.com.cn. 2. Navigate to file library https://www.showdoc.com.cn/attachment/index 3. In the File Library page, click the Upload button and choose the test.o...

3.5CVSS5.2AI score0.03274EPSS
Exploits4
Rows per page
Query Builder