GHSA-rphc-h572-2x9f
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rphc-h572-2x9f
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-rphc-h572-2x9f/GHSA-rphc-h572-2x9f.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rphc-h572-2x9f
- Aliases
- Published
- 2022-03-15T00:00:55Z
- Modified
- 2023-11-08T04:07:43.796458Z
- Severity
-
- 9.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Cross-site Scripting in showdoc/showdoc
- Details
-
ShowDoc is a tool greatly applicable for an IT team to share documents online. showdoc/showdoc allows .properties files to upload which lead to stored XSS in versions prior to 2.10.4. This allows attackers to execute malicious scripts in the user's browser. This issue was patched in version 2.10.4. There is currently no known workaround.
- Database specific
{ "nvd_published_at": "2022-03-14T15:15:00Z", "github_reviewed_at": "2022-03-15T19:26:12Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-434", "CWE-79" ] }- References
Affected packages
Packagist / showdoc/showdoc
Package
- Name
- showdoc/showdoc
- Purl
- pkg:composer/showdoc/showdoc
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.10.4
Affected versions
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.1.0
v1.1.1
v1.1.3
v1.1.4
v1.1.5
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.3.0
v1.3.1
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.7.2
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v2.*
v2.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.0.10
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.3
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.4.10
v2.4.11
v2.4.12
v2.4.13
v2.4.15
v2.4.16
v2.4.17
v2.5.1
v2.5.2
v2.5.3
v2.5.5
v2.6.1
v2.6.2
v2.6.3
v2.6.5
v2.6.6
v2.6.7
v2.7.0
v2.7.1
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.15
v2.8.16
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6
v2.9.7
v2.9.8
v2.9.9
v2.9.10
v2.9.11
v2.9.12
v2.9.13
v2.9.14
v2.9.15
v2.10.0
v2.10.1
v2.10.2
v2.10.3