ShowDoc is vulnerable to stored cross-site scripting due to unrestricted file upload in versions 2.10.3 and prior. A patch is available and anticipated to be part of version 2.10.4.
{ "last_known_affected_version_range": "<= 2.10.3" }