EPSS percentile: 47.7%
showdoc/showdoc is vulnerable to cross-site request forgery (CSRF). The library does not verify the authenticity of requests because it lacks anti-CSRF protection, allowing an attacker to create a new group for any item if a user visits the attacker's site.
github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871
huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd