3 matches found
CVE-2021-4172
Cross-site Scripting XSS - Stored in GitHub repository star7th/showdoc prior to 2.10.2...
CVE-2021-4172 Cross-site Scripting (XSS) - Stored in star7th/showdoc
Cross-site Scripting XSS - Stored in GitHub repository star7th/showdoc prior to 2.10.2...
CVE-2021-4172
CVE-2021-4172 refers to a Stored XSS in the open-source tool showdoc (GitHub star7th/showdoc) prior to version 2.10.2. Multiple connected sources confirm the vulnerability arises from improper validation of client-side data in the File Library, where uploading an SVG (PoC) can execute script code...