EPSS
Percentile
45.7%
showdoc/showdoc is vulnerable to stored cross-site scripting. The vulnerability exists due to lack of xss validations for uploaded OFD files before they get stored which allows an attacker to inject and execute arbitrary javascript.
packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html
github.com/advisories/GHSA-3pg8-c473-w6rr
github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8
huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a