4 matches found
CVE-2022-0945
Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4...
CVE-2022-0945 Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc
Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4...
CVE-2022-0945 Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc
Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4...
CVE-2022-0945
CVE-2022-0945 refers to a stored XSS vulnerability in ShowDoc (star7th/showdoc) prior to v2.10.4. The root cause is inadequate validation in the file upload functionality, failing to reject .cshtml and .axd extensions, enabling an attacker to upload malicious scripts that can execute in a user’s ...