3 matches found
Cross-site Scripting (XSS)
showdoc/showdoc is vulnerable to stored cross-site scripting. The vulnerability exists due to lack of xss validations for uploaded OFD files before they get stored which allows an attacker to inject and execute arbitrary javascript...
showdoc Cross-Site Scripting Vulnerability (CNVD-2022-21807)
showdoc is open source and a great tool for IT teams to share documents online. showdoc versions prior to 2.10.4 have a security vulnerability that stems from the application allowing the upload of .ofd files, which leads to a cross-site scripting vulnerability. No detailed vulnerability details...
Stored XSS viva .ofd file upload
Description The application allows .ofd files to upload which lead to stored XSS Proof of Concept 1.First, open your text file/notepad and paste the below payload and save it as XSS.ofd: alert1337 alertdocument.domain alertdocument.location alert'XSSbySamprit Das' 2.Then go to...