Lucene search
K

458 matches found

Github Security Blog
Github Security Blog
added 2022/03/23 12:0 a.m.21 views

Unrestricted Upload of File with Dangerous Type in ShowDoc

There is a Unrestricted Upload of File vulnerability in ShowDoc prior to version 2.10.4...

9.1CVSS3.8AI score0.01458EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2022/03/22 8:34 a.m.17 views

Cross-site Scripting (XSS)

showdoc/showdoc is vulnerable to stored cross-site scripting. The vulnerability exists due to lack of xss validations for uploaded OFD files before they get stored which allows an attacker to inject and execute arbitrary javascript...

5.4CVSS2.9AI score0.03274EPSS
Exploits4References4Affected Software1
NVD
NVD
added 2022/03/22 8:15 a.m.20 views

CVE-2022-1034

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4...

9.1CVSS0.01458EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/22 8:15 a.m.9 views

CVE-2022-1034

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4...

9.1CVSS7.4AI score0.01458EPSS
Exploits1References3
Prion
Prion
added 2022/03/22 8:15 a.m.16 views

Unrestricted file upload

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4...

6.5CVSS6.9AI score0.01458EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/03/22 7:55 a.m.28 views

CVE-2022-1034 There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4...

9.1CVSS7.2AI score0.01458EPSS
Exploits1References2
CVE
CVE
added 2022/03/22 7:55 a.m.108 views

CVE-2022-1034

CVE-2022-1034 affects ShowDoc

9.1CVSS7.1AI score0.01458EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/03/22 7:55 a.m.20 views

CVE-2022-1034 There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4...

9.1CVSS8.1AI score0.01458EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/03/22 12:0 a.m.3 views

showdoc 代码问题漏洞

showdoc is open source a great tool for IT teams to share documents online. A security vulnerability exists in showdoc v2.10.3, there is no information about the vulnerability at the moment, please stay tuned to CNNVD or the vendor's announcement...

9.1CVSS7.8AI score0.01458EPSS
Exploits1References3
Veracode
Veracode
added 2022/03/21 5:18 a.m.27 views

Cross-site Scripting (XSS)

showdoc/showdoc is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the .properties files...

5.4CVSS2.2AI score0.0084EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2022/03/21 12:0 a.m.21 views

showdoc Cross-Site Scripting Vulnerability (CNVD-2022-21807)

showdoc is open source and a great tool for IT teams to share documents online. showdoc versions prior to 2.10.4 have a security vulnerability that stems from the application allowing the upload of .ofd files, which leads to a cross-site scripting vulnerability. No detailed vulnerability details...

9CVSS2AI score0.00888EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/20 7:41 a.m.20 views

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3

Description There is a Unrestricted Upload of File vulnerability in AdminUpdateController.class.php in ShowDoc v2.10.3 Proof of Concept POST /showdoc-2.10.3/server/index.php?s=/api/adminUpdate/download HTTP/1.1 Host: 10.211.55.5 Content-Length: 66 Accept: application/json, text/plain, / User-Agen...

6.5CVSS1.1AI score0.01458EPSS
Exploits1References2
Huntr
Huntr
added 2022/03/18 4:59 p.m.213 views

Using vulnerable dependencies in package.json

Description 1. Hello team, The Showdoc is using a axios 0.17.1 dependency that is vulnerable to:👇 1. CVE-2021-3749 Regular Expression Denial of Service ReDoS 2. CVE-2020-28168 Server-Side Request Forgery SSRF 3. CVE-2019-10742 Denial of Service DoS Path to the file:...

1AI score0.08515EPSS
Exploits4
CNVD
CNVD
added 2022/03/17 12:0 a.m.24 views

showdoc .cshtml file upload vulnerability

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .cshtml and .axd file extensions in the application's file upload functionality. An attacker could exploit th...

9CVSS1.3AI score0.00797EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.18 views

showdoc .ofd file upload vulnerability

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .ofd file extensions in the application's file upload feature. An attacker could use this vulnerability to...

6.9CVSS1.5AI score0.03274EPSS
Exploits4References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.17 views

showdoc .md file upload vulnerability

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .md file extensions in the application's file upload feature. An attacker could use this vulnerability to...

7.1CVSS1.5AI score0.00725EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.17 views

showdoc .webmv file upload vulnerability

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability that stems from the lack of effective detection of .webmv file extensions in the application's file upload feature. An attacker could exploit this...

8CVSS1.4AI score0.00825EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.49 views

showdoc .aspx file upload vulnerability (CNVD-2022-20513)

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability that stems from the lack of effective detection of .aspx file extensions in the application's file upload functionality. An attacker could use this...

9.4CVSS1.3AI score0.0074EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.20 views

showdoc .m3u8a file upload vulnerability

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability that stems from the lack of effective detection of .m3u8a file extensions in the application's file upload feature. An attacker could exploit this...

7.6CVSS1.4AI score0.00754EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.14 views

showdoc .properties file upload vulnerability (CNVD-2022-20508)

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .properties file extensions in the application's file upload feature. An attacker could use this vulnerabilit...

6.9CVSS1.5AI score0.03274EPSS
Exploits5References1
Rows per page
Query Builder