Vulnerabilities related to showdoc - showdoc
Vulnerability from fkie_nvd
Published
2018-09-02 18:29
Modified
2024-11-21 03:52
Severity ?
Summary
ShowDoc v1.8.0 has XSS via a new page.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/star7th/showdoc/issues/325 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/issues/325 | Exploit, Issue Tracking, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "57434F91-041E-422A-A03B-C4A415755199", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ShowDoc v1.8.0 has XSS via a new page." }, { "lang": "es", "value": "ShowDoc v1.8.0 tiene Cross-Site Scripting (XSS) mediante una nueva p\u00e1gina." } ], "id": "CVE-2018-16342", "lastModified": "2024-11-21T03:52:33.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-02T18:29:00.633", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/issues/325" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/issues/325" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-15 04:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS via axd and cshtml file upload in GitHub repository star7th/showdoc prior to v2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB841EBE-162B-4399-B2A5-B1EE3350CD36", "versionEndIncluding": "2.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado por medio de una subida de archivos axd y cshtml en star7th/showdoc en el repositorio de GitHub star7th/showdoc versiones anteriores a v2.10.4" } ], "id": "CVE-2022-0945", "lastModified": "2024-11-21T06:39:43.093", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", 
"integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-15T04:15:08.797", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-15 09:15
Modified
2024-11-21 06:39
Severity ?
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB841EBE-162B-4399-B2A5-B1EE3350CD36", "versionEndIncluding": "2.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4." }, { "lang": "es", "value": "Una Subida no Restringida de Archivos de Tipo Peligroso en el repositorio de GitHub star7th/showdoc versiones anteriores a 2.10.4" } ], "id": "CVE-2022-0950", "lastModified": "2024-11-21T06:39:43.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", 
"userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-15T09:15:07.947", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-14 16:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS via .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AA94847-8E4A-4668-B8DE-2727B947AC1C", "versionEndExcluding": "2.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado por medio de la carga de archivos .webma en el repositorio GitHub star7th/showdoc versiones anteriores a 2.10.4" } ], "id": "CVE-2022-0962", "lastModified": "2024-11-21T06:39:45.147", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": 
"CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-14T16:15:07.687", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-04 13:15
Modified
2024-11-21 06:22
Severity ?
Summary
showdoc is vulnerable to Missing Cryptographic Step
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/76b49607-fba9-4100-9be7-cb459fe6cfe2 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/76b49607-fba9-4100-9be7-cb459fe6cfe2 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "58BC041D-6890-4EA5-AC85-74745A14E3AE", "versionEndIncluding": "2.9.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Missing Cryptographic Step" }, { "lang": "es", "value": "showdoc es vulnerable a una Falta de un Paso Criptogr\u00e1fico" } ], "id": "CVE-2021-3680", "lastModified": "2024-11-21T06:22:08.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 4.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, 
"exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-04T13:15:08.093", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/76b49607-fba9-4100-9be7-cb459fe6cfe2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/76b49607-fba9-4100-9be7-cb459fe6cfe2" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-325" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-14 15:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AA94847-8E4A-4668-B8DE-2727B947AC1C", "versionEndExcluding": "2.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado por medio de la carga de archivos .properties en el repositorio de GitHub star7th/showdoc versiones anteriores a 2.10.4" } ], "id": "CVE-2022-0960", "lastModified": "2024-11-21T06:39:44.903", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": 
"LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-14T15:15:10.707", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-01-26 13:15
Modified
2024-11-21 06:38
Severity ?
Summary
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fb | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fb | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "05C5DCD1-C603-4E72-8BEA-56DC42A0F703", "versionEndExcluding": "2.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL Injection in Packagist showdoc/showdoc prior to 2.10.3." }, { "lang": "es", "value": "Una Inyecci\u00f3n SQL en Packagist showdoc/showdoc versiones anteriores a 2.10.3" } ], "id": "CVE-2022-0362", "lastModified": "2024-11-21T06:38:27.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-26T13:15:07.923", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fb" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-13 10:15
Modified
2024-11-21 06:22
Severity ?
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/e0edf27d-437e-44fe-907a-df020f385304 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/e0edf27d-437e-44fe-907a-df020f385304 | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "041B2042-06C7-49B7-9FA1-36B75F724907", "versionEndIncluding": "2.9.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" }, { "lang": "es", "value": "showdoc es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF)" } ], "id": "CVE-2021-3776", "lastModified": "2024-11-21T06:22:24.070", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-13T10:15:07.867", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e0edf27d-437e-44fe-907a-df020f385304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e0edf27d-437e-44fe-907a-df020f385304" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-15 09:15
Modified
2024-11-21 06:39
Severity ?
Summary
File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB841EBE-162B-4399-B2A5-B1EE3350CD36", "versionEndIncluding": "2.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4." }, { "lang": "es", "value": "Una Omisi\u00f3n de la Restricci\u00f3n de Subida de Archivos conllevando a una vulnerabilidad de tipo XSS Almacenado en el repositorio de GitHub star7th/showdoc versiones anteriores a 2.10.4" } ], "id": "CVE-2022-0951", "lastModified": "2024-11-21T06:39:43.863", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": 
"LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-15T09:15:08.250", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-15 16:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS via .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0 | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AA94847-8E4A-4668-B8DE-2727B947AC1C", "versionEndExcluding": "2.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado por medio de una subida de archivos .webmv en el repositorio de GitHub star7th/showdoc versiones anteriores a 2.10.4" } ], "id": "CVE-2022-0964", "lastModified": "2024-11-21T06:39:45.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", 
"scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-15T16:15:08.817", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-19 05:15
Modified
2024-11-21 06:38
Severity ?
Summary
Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7 | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2EBF3-77AE-4BBD-9F64-7BB74052FE1E", "versionEndExcluding": "2.10.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2." }, { "lang": "es", "value": "Una Carga no Restringida de Archivos de Tipo Peligroso en Packagist showdoc/showdoc versiones anteriores a 2.10.2" } ], "id": "CVE-2022-0409", "lastModified": "2024-11-21T06:38:33.983", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": 
"REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-19T05:15:14.533", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-28 08:29
Modified
2024-11-21 03:58
Severity ?
Summary
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "60FAF69B-91E1-4DCF-924D-1B484D7913E5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ShowDoc 2.4.1 allows remote attackers to edit other users\u0027 notes by navigating with a modified page_id." }, { "lang": "es", "value": "ShowDoc 2.4.1 permite que los atacantes remotos editen las notas de otros usuarios navegando con un page_id modificado." } ], "id": "CVE-2018-19620", "lastModified": "2024-11-21T03:58:17.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-28T08:29:00.277", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl#0x02-modify" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"https://github.com/star7th/showdoc/commit/bcdb5e3519285bdf81e618b3c9b90d22bc49e13c" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://github.com/star7th/showdoc/issues/397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl#0x02-modify" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/star7th/showdoc/commit/bcdb5e3519285bdf81e618b3c9b90d22bc49e13c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/star7th/showdoc/issues/397" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-425" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-14 13:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB841EBE-162B-4399-B2A5-B1EE3350CD36", "versionEndIncluding": "2.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado debido a una Subida de Archivos sin Restricciones en el repositorio de GitHub star7th/showdoc versiones anteriores a v2.10.4" } ], "id": "CVE-2022-0941", "lastModified": "2024-11-21T06:39:42.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": 
"LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-14T13:15:07.687", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-01 11:15
Modified
2024-11-21 06:23
Severity ?
Summary
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "3ED61945-F39E-4395-BA12-8F3F8A7E55A0", "versionEndExcluding": "2.9.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)" }, { "lang": "es", "value": "showdoc es vulnerable al Uso de un Generador de N\u00fameros Pseudoaleatorios (PRNG) Criptogr\u00e1ficamente D\u00e9bil" } ], "id": "CVE-2021-3990", "lastModified": "2024-11-21T06:23:19.470", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": 
"REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-01T11:15:07.977", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-338" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-12 04:15
Modified
2024-11-21 06:39
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/818d7fe731f452acccacf731ce47ec27ad68049c | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/818d7fe731f452acccacf731ce47ec27ad68049c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2EBF3-77AE-4BBD-9F64-7BB74052FE1E", "versionEndExcluding": "2.10.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio GitHub star7th/showdoc versiones anteriores a 2.10.2" } ], "id": "CVE-2022-0880", "lastModified": "2024-11-21T06:39:35.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", 
"userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-12T04:15:06.947", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/818d7fe731f452acccacf731ce47ec27ad68049c" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/818d7fe731f452acccacf731ce47ec27ad68049c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-01 11:15
Modified
2024-11-21 06:36
Severity ?
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "3ED61945-F39E-4395-BA12-8F3F8A7E55A0", "versionEndExcluding": "2.9.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" }, { "lang": "es", "value": "showdoc es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF)\n" } ], "id": "CVE-2021-4017", "lastModified": "2024-11-21T06:36:43.727", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-01T11:15:08.273", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-15 14:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB841EBE-162B-4399-B2A5-B1EE3350CD36", "versionEndIncluding": "2.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado debido a la subida de archivos sin restricciones en el repositorio de GitHub star7th/showdoc versiones anteriores a 2.10.4" } ], "id": "CVE-2022-0942", "lastModified": "2024-11-21T06:39:42.667", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", 
"privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-15T14:15:07.607", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-15 16:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS via .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347 | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AA94847-8E4A-4668-B8DE-2727B947AC1C", "versionEndExcluding": "2.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado por medio de una subida de archivos .ofd file upload en el repositorio de GitHub star7th/showdoc antes de 2.10.4" } ], "id": "CVE-2022-0965", "lastModified": "2024-11-21T06:39:45.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": 
"CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-15T16:15:08.970", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-03 11:15
Modified
2024-11-21 06:36
Severity ?
Summary
showdoc is vulnerable to URL Redirection to Untrusted Site
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/c7f10033eba5f2b5a537f9af9ba2379138e67138 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/e4d803e0-3104-432c-80b3-34bc453c8962 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/c7f10033eba5f2b5a537f9af9ba2379138e67138 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/e4d803e0-3104-432c-80b3-34bc453c8962 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D708FBF-6098-4F9D-B431-E48355AE5A26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to URL Redirection to Untrusted Site" }, { "lang": "es", "value": "showdoc es vulnerable a una Redirecci\u00f3n de URL a un Sitio no Confiable" } ], "id": "CVE-2021-4000", "lastModified": "2024-11-21T06:36:42.037", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, 
"exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-03T11:15:07.883", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/c7f10033eba5f2b5a537f9af9ba2379138e67138" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e4d803e0-3104-432c-80b3-34bc453c8962" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/c7f10033eba5f2b5a537f9af9ba2379138e67138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e4d803e0-3104-432c-80b3-34bc453c8962" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-22 12:15
Modified
2024-11-21 06:26
Severity ?
Summary
ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/purple-WL/SHOWDOC-file-upload-vulnerability | Third Party Advisory | |
cve@mitre.org | https://www.cnvd.org.cn/flaw/show/CNVD-2020-49480 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/purple-WL/SHOWDOC-file-upload-vulnerability | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cnvd.org.cn/flaw/show/CNVD-2020-49480 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "13D62D20-A07E-405C-8D57-A18AF421A72B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions." }, { "lang": "es", "value": "ShowDoc versi\u00f3n 2.8.3 presenta una vulnerabilidad en la carga de archivos, que puede ser aprovechada por los atacantes para obtener permisos del servidor" } ], "id": "CVE-2021-41745", "lastModified": "2024-11-21T06:26:41.347", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-10-22T12:15:09.107", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/purple-WL/SHOWDOC-file-upload-vulnerability" }, { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory" ], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-49480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/purple-WL/SHOWDOC-file-upload-vulnerability" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-49480" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-15 13:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB841EBE-162B-4399-B2A5-B1EE3350CD36", "versionEndIncluding": "2.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado por medio de subida de archivos en el repositorio de GitHub star7th/showdoc versiones anteriores a 2.10.4" } ], "id": "CVE-2022-0957", "lastModified": "2024-11-21T06:39:44.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", 
"userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-15T13:15:08.657", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-15 16:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
security@huntr.dev | https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AA94847-8E4A-4668-B8DE-2727B947AC1C", "versionEndExcluding": "2.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado por medio de una Subida de Archivos en star7th/showdoc en star7th/showdoc en el repositorio de GitHub star7th/showdoc versiones anteriores a 2.10.4" } ], "id": "CVE-2022-0967", "lastModified": "2024-11-21T06:39:45.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", 
"integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-15T16:15:09.233", "references": [ { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html" }, { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-13 10:15
Modified
2024-11-21 06:22
Severity ?
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/063a339a-5d78-40d6-a96a-6716960e8134 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/063a339a-5d78-40d6-a96a-6716960e8134 | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "041B2042-06C7-49B7-9FA1-36B75F724907", "versionEndIncluding": "2.9.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" }, { "lang": "es", "value": "showdoc es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF)" } ], "id": "CVE-2021-3683", "lastModified": "2024-11-21T06:22:09.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-13T10:15:07.610", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/063a339a-5d78-40d6-a96a-6716960e8134" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/063a339a-5d78-40d6-a96a-6716960e8134" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-08 21:15
Modified
2024-11-21 06:13
Severity ?
Summary
Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component 'AdminUpdateController.class.php'.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/star7th/showdoc/issues/1406 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/issues/1406 | Exploit, Issue Tracking, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:2.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "F6D5CB09-DC3C-4D9B-881F-C7B4C141A5C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the \u0027file_url\u0027 parameter in the component AdminUpdateController.class.php\u0027." }, { "lang": "es", "value": "Una Carga de Archivos sin Restricciones en ShowDoc versi\u00f3n v2.9.5, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio del par\u00e1metro \"file_url\" en el componente \"AdminUpdateController.class.php\"" } ], "id": "CVE-2021-36440", "lastModified": "2024-11-21T06:13:43.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-08T21:15:10.657", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue 
Tracking", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/issues/1406" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/issues/1406" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-22 08:15
Modified
2024-11-21 06:39
Severity ?
Summary
There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AA94847-8E4A-4668-B8DE-2727B947AC1C", "versionEndExcluding": "2.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de Carga no Restringida de Archivos en ShowDoc versi\u00f3n v2.10.3, en el repositorio GitHub star7th/showdoc versiones anteriores a 2.10.4" } ], "id": "CVE-2022-1034", "lastModified": "2024-11-21T06:39:53.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-22T08:15:07.003", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-26 14:15
Modified
2024-11-21 06:37
Severity ?
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/3ff0c85d439ccbdfadeb96b5a52acf6318041109 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/f14431e2-f1f6-4331-ba91-a4ea8b26be0c | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/3ff0c85d439ccbdfadeb96b5a52acf6318041109 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/f14431e2-f1f6-4331-ba91-a4ea8b26be0c | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "539E0D6F-3315-47F4-AC10-BDAE8C906034", "versionEndExcluding": "2.9.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" }, { "lang": "es", "value": "showdoc es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF)" } ], "id": "CVE-2021-4168", "lastModified": "2024-11-21T06:37:03.333", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-26T14:15:07.393", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3ff0c85d439ccbdfadeb96b5a52acf6318041109" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/f14431e2-f1f6-4331-ba91-a4ea8b26be0c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3ff0c85d439ccbdfadeb96b5a52acf6318041109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/f14431e2-f1f6-4331-ba91-a4ea8b26be0c" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-04 14:15
Modified
2024-11-21 06:22
Severity ?
Summary
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/f9a9defd-29ea-4442-b692-ff1512813de4 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/f9a9defd-29ea-4442-b692-ff1512813de4 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D88C5D7-CE79-4A65-BF0D-956E2D8EC2FD", "versionEndExcluding": "2.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)" }, { "lang": "es", "value": "showdoc es vulnerable al Uso de un Generador de N\u00fameros Pseudoaleatorios (PRNG) Criptogr\u00e1ficamente D\u00e9bil" } ], "id": "CVE-2021-3678", "lastModified": "2024-11-21T06:22:08.493", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", 
"userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-04T14:15:08.577", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370" }, { "source": "security@huntr.dev", "tags": [ "Third Party Advisory" ], "url": "https://huntr.dev/bounties/f9a9defd-29ea-4442-b692-ff1512813de4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://huntr.dev/bounties/f9a9defd-29ea-4442-b692-ff1512813de4" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-338" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-338" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-14 14:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS via cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB841EBE-162B-4399-B2A5-B1EE3350CD36", "versionEndIncluding": "2.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado por medio de una carga de archivos cshtm en el repositorio de GitHub star7th/showdoc versiones anteriores a v2.10.4" } ], "id": "CVE-2022-0946", "lastModified": "2024-11-21T06:39:43.217", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", 
"scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-14T14:15:07.717", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-13 10:15
Modified
2024-11-21 06:22
Severity ?
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/6a59d203-4ca7-4aed-bdb9-1e39b66c77b3 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/6a59d203-4ca7-4aed-bdb9-1e39b66c77b3 | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "041B2042-06C7-49B7-9FA1-36B75F724907", "versionEndIncluding": "2.9.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" }, { "lang": "es", "value": "showdoc es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF)" } ], "id": "CVE-2021-3775", "lastModified": "2024-11-21T06:22:23.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-13T10:15:07.807", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/6a59d203-4ca7-4aed-bdb9-1e39b66c77b3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/6a59d203-4ca7-4aed-bdb9-1e39b66c77b3" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-14 03:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB841EBE-162B-4399-B2A5-B1EE3350CD36", "versionEndIncluding": "2.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo xss almacenado en showdoc mediante una carga de archivos en el repositorio de GitHub star7th/showdoc versiones anteriores a 2.10.4" } ], "id": "CVE-2022-0937", "lastModified": "2024-11-21T06:39:42.043", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", 
"scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-14T03:15:08.280", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-14 11:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB841EBE-162B-4399-B2A5-B1EE3350CD36", "versionEndIncluding": "2.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado debido a una Subida de Archivos sin Restricciones en el repositorio de GitHub star7th/showdoc versiones anteriores a v2.10.4" } ], "id": "CVE-2022-0940", "lastModified": "2024-11-21T06:39:42.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", 
"privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-14T11:15:08.920", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-15 13:15
Modified
2024-11-21 06:39
Severity ?
Summary
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB841EBE-162B-4399-B2A5-B1EE3350CD36", "versionEndIncluding": "2.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado por medio de una carga de archivos en el repositorio de GitHub star7th/showdoc versiones anteriores a 2.10.4" } ], "id": "CVE-2022-0956", "lastModified": "2024-11-21T06:39:44.443", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": 
"CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-15T13:15:07.743", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-01 11:15
Modified
2024-11-21 06:23
Severity ?
Summary
showdoc is vulnerable to URL Redirection to Untrusted Site
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5 | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "3ED61945-F39E-4395-BA12-8F3F8A7E55A0", "versionEndExcluding": "2.9.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to URL Redirection to Untrusted Site" }, { "lang": "es", "value": "showdoc es vulnerable a una Redirecci\u00f3n de la URL a un Sitio no Confiable" } ], "id": "CVE-2021-3989", "lastModified": "2024-11-21T06:23:19.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-01T11:15:07.923", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-01-22 12:15
Modified
2024-11-21 06:37
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2EBF3-77AE-4BBD-9F64-7BB74052FE1E", "versionEndExcluding": "2.10.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub star7th/showdoc versiones anteriores a 2.10.2" } ], "id": "CVE-2021-4172", "lastModified": "2024-11-21T06:37:03.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", 
"userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-22T12:15:07.623", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-01 11:15
Modified
2024-11-21 06:23
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/0aa84736-139b-4ae7-becf-604f7f60b1c9 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/0aa84736-139b-4ae7-becf-604f7f60b1c9 | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "3ED61945-F39E-4395-BA12-8F3F8A7E55A0", "versionEndExcluding": "2.9.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" }, { "lang": "es", "value": "showdoc es vulnerable a un ataque de tipo Cross-Site Request Forgery (CSRF)" } ], "id": "CVE-2021-3993", "lastModified": "2024-11-21T06:23:19.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-01T11:15:08.097", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/0aa84736-139b-4ae7-becf-604f7f60b1c9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/0aa84736-139b-4ae7-becf-604f7f60b1c9" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-27 16:29
Modified
2024-11-21 03:58
Summary
ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "60FAF69B-91E1-4DCF-924D-1B484D7913E5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL." }, { "lang": "es", "value": "ShowDoc 2.4.1 permite que atacantes remotos obtengan informaci\u00f3n sensible navegando con un page_id modificado, tal y como queda demostrado con la lectura del contenido de las notas o al descubrir un nombre de usuario en los datos JSON en una URL diferente." } ], "id": "CVE-2018-19609", "lastModified": "2024-11-21T03:58:16.707", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-27T16:29:01.363", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-15 16:15
Modified
2024-11-21 06:39
Summary
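Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10. (Note: the bound 2.4.10 is reproduced as published. This record dates from March 2022, and the other ShowDoc records on this page from that period name 2.10.x fixed releases, so the bound may be a transposition of 2.10.4; confirm the fixed release against the linked patch commit before relying on this range for version matching.)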
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FBC8A7C-5164-4929-83BA-250BE9BFADD4", "versionEndExcluding": "2.4.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado por medio de una Subida de Archivos en star7th/showdoc en el repositorio de GitHub star7th/showdoc versiones anteriores a 2.4.10" } ], "id": "CVE-2022-0966", "lastModified": "2024-11-21T06:39:45.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", 
"privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-15T16:15:09.097", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-22 05:29
Modified
2024-11-21 03:57
Summary
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/star7th/showdoc/issues/392 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/issues/392 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "60FAF69B-91E1-4DCF-924D-1B484D7913E5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value." }, { "lang": "es", "value": "ShowDoc 2.4.1 tiene Cross-Site Scripting (XSS) mediante el par\u00e1metro lang debido a que install/database.php gestiona el valor $cur_lang de forma incorrecta." } ], "id": "CVE-2018-19433", "lastModified": "2024-11-21T03:57:54.427", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-22T05:29:01.027", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/issues/392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third 
Party Advisory" ], "url": "https://github.com/star7th/showdoc/issues/392" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-01-03 03:15
Modified
2024-11-21 06:37
Summary
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/e43df0a190f68aefa272507d3bd54475f566c1db | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/b37f0e26-355a-4d50-8495-a567c10828ee | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/e43df0a190f68aefa272507d3bd54475f566c1db | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/b37f0e26-355a-4d50-8495-a567c10828ee | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "68D74CF8-F933-4FA6-87EC-783A4E196DAE", "versionEndExcluding": "2.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Generation of Error Message Containing Sensitive Information" }, { "lang": "es", "value": "showdoc es vulnerable a una Generaci\u00f3n de Mensajes de Error Conteniendo Informaci\u00f3n Confidencial" } ], "id": "CVE-2022-0079", "lastModified": "2024-11-21T06:37:52.397", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", 
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-03T03:15:07.013", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/e43df0a190f68aefa272507d3bd54475f566c1db" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b37f0e26-355a-4d50-8495-a567c10828ee" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/e43df0a190f68aefa272507d3bd54475f566c1db" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/b37f0e26-355a-4d50-8495-a567c10828ee" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-209" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-14 08:15
Modified
2024-11-21 06:39
Summary
Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.
References
▶ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB841EBE-162B-4399-B2A5-B1EE3350CD36", "versionEndIncluding": "2.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XSS almacenado por medio de una carga de archivos en el repositorio de GitHub star7th/showdoc versiones anteriores a v2.10.4" } ], "id": "CVE-2022-0938", "lastModified": "2024-11-21T06:39:42.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", 
"userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-14T08:15:07.740", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-28 08:29
Modified
2024-11-21 03:58
Summary
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/csrf | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/csrf | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:showdoc:showdoc:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "603CB59E-A65A-480D-A3AA-7195B2CFB4FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team." }, { "lang": "es", "value": "server/index.php?s=/api/teamMember/save en ShowDoc 2.4.2 tiene Cross-Site Request Forgery (CSRF) que puede a\u00f1adir miembros a un equipo." } ], "id": "CVE-2018-19621", "lastModified": "2024-11-21T03:58:17.813", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-28T08:29:00.497", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/csrf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party 
Advisory" ], "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/csrf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2018-19609 (GCVE-0-2018-19609)
Vulnerability from cvelistv5
Published
2018-11-27 16:00
Modified
2024-08-05 11:44
CWE
- n/a
Summary
ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.
References
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:19.464Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-27T00:00:00", "descriptions": [ { "lang": "en", "value": "ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-27T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19609", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl", "refsource": "MISC", "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19609", "datePublished": "2018-11-27T16:00:00", "dateReserved": "2018-11-27T00:00:00", "dateUpdated": "2024-08-05T11:44:19.464Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0937 (GCVE-0-2022-0937)
Vulnerability from cvelistv5
Published
2022-03-14 02:35
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.
References
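URL | Tags |
---|---|
https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5 | x_refsource_CONFIRM |
https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3 | x_refsource_MISC |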
Impacted products
Vendor | Product | Version |
---|---|---|
star7th | star7th/showdoc | Version: unspecified < 2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.765Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-14T02:35:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3" } ], "source": { "advisory": "6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5", "discovery": "EXTERNAL" }, "title": "Stored xss in showdoc through file upload in star7th/showdoc", 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0937", "STATE": "PUBLIC", "TITLE": "Stored xss in showdoc through file upload in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5" }, { "name": "https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3" } ] }, "source": { "advisory": "6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0937", "datePublished": "2022-03-14T02:35:09", "dateReserved": "2022-03-13T00:00:00", 
"dateUpdated": "2024-08-02T23:47:42.765Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-3989 (GCVE-0-2021-3989)
Vulnerability from cvelistv5
Published
2021-12-01 10:55
Modified
2024-08-03 17:09
Severity
6.5 (MEDIUM) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, as scored by the CNA (@huntrdev)
CWE
- CWE-601 - URL Redirection to Untrusted Site
Summary
showdoc is vulnerable to URL Redirection to Untrusted Site
References
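URL | Tags |
---|---|
https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5 | x_refsource_CONFIRM |
https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614 | x_refsource_MISC |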
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.9.13 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:09.754Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.9.13", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to URL Redirection to Untrusted Site" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-01T10:55:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614" } ], "source": { "advisory": "ffc61eff-efea-42c5-92c2-e043fdf904d5", "discovery": "EXTERNAL" }, "title": "Open Redirect in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3989", "STATE": "PUBLIC", 
"TITLE": "Open Redirect in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.9.13" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "showdoc is vulnerable to URL Redirection to Untrusted Site" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-601 URL Redirection to Untrusted Site" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5" }, { "name": "https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614" } ] }, "source": { "advisory": "ffc61eff-efea-42c5-92c2-e043fdf904d5", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3989", "datePublished": "2021-12-01T10:55:10", "dateReserved": "2021-11-20T00:00:00", "dateUpdated": "2024-08-03T17:09:09.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-19433 (GCVE-0-2018-19433)
Vulnerability from cvelistv5
Published
2018-11-22 05:00
Modified
2024-08-05 11:37
Severity ?
CWE
- n/a
Summary
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
References
URL | Tags |
---|---|
https://github.com/star7th/showdoc/issues/392 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:37:11.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/issues/392" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-21T00:00:00", "descriptions": [ { "lang": "en", "value": "ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-22T05:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/issues/392" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19433", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/star7th/showdoc/issues/392", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/issues/392" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19433", "datePublished": "2018-11-22T05:00:00", "dateReserved": "2018-11-21T00:00:00", "dateUpdated": "2024-08-05T11:37:11.213Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0938 (GCVE-0-2022-0938)
Vulnerability from cvelistv5
Published
2022-03-14 08:05
Modified
2024-08-02 23:47
Severity
7.1 (HIGH) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N, as scored by the CNA (@huntrdev)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.
References
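URL | Tags |
---|---|
https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e | x_refsource_CONFIRM |
https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55 | x_refsource_MISC |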
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < v2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "v2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-14T08:05:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55" } ], "source": { "advisory": "3eb5a8f9-24e3-4eae-a212-070b2fbc237e", "discovery": "EXTERNAL" }, "title": "Stored XSS via file upload in star7th/showdoc", "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0938", "STATE": "PUBLIC", "TITLE": "Stored XSS via file upload in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "v2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e" }, { "name": "https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55" } ] }, "source": { "advisory": "3eb5a8f9-24e3-4eae-a212-070b2fbc237e", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0938", "datePublished": "2022-03-14T08:05:10", "dateReserved": "2022-03-13T00:00:00", "dateUpdated": "2024-08-02T23:47:42.910Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0956 (GCVE-0-2022-0956)
Vulnerability from cvelistv5
Published
2022-03-15 12:20
Modified
2024-08-02 23:47
Severity
7.1 (HIGH) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L, as scored by the CNA (@huntrdev)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.
References
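URL | Tags |
---|---|
https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2 | x_refsource_CONFIRM |
https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13 | x_refsource_MISC |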
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < v.2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:43.165Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "v.2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T12:20:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13" } ], "source": { "advisory": "5b0e3f02-309f-4b59-8020-d7ac0f1999f2", "discovery": "EXTERNAL" }, "title": "Stored XSS via File Upload in star7th/showdoc", "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0956", "STATE": "PUBLIC", "TITLE": "Stored XSS via File Upload in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "v.2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2" }, { "name": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13" } ] }, "source": { "advisory": "5b0e3f02-309f-4b59-8020-d7ac0f1999f2", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0956", "datePublished": "2022-03-15T12:20:10", "dateReserved": "2022-03-14T00:00:00", "dateUpdated": "2024-08-02T23:47:43.165Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-16342 (GCVE-0-2018-16342)
Vulnerability from cvelistv5
Published
2018-09-02 18:00
Modified
2024-08-05 10:24
Severity ?
CWE
- n/a
Summary
ShowDoc v1.8.0 has XSS via a new page.
References
URL | Tags |
---|---|
https://github.com/star7th/showdoc/issues/325 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:24:32.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/issues/325" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-02T00:00:00", "descriptions": [ { "lang": "en", "value": "ShowDoc v1.8.0 has XSS via a new page." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-02T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/issues/325" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16342", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ShowDoc v1.8.0 has XSS via a new page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/star7th/showdoc/issues/325", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/issues/325" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16342", "datePublished": "2018-09-02T18:00:00", "dateReserved": "2018-09-02T00:00:00", "dateUpdated": "2024-08-05T10:24:32.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-3683 (GCVE-0-2021-3683)
Vulnerability from cvelistv5
Published
2021-11-13 09:30
Modified
2024-08-03 17:01
Severity
5.4 (MEDIUM) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N, as scored by the CNA (@huntrdev)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
References
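URL | Tags |
---|---|
https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351 | x_refsource_MISC |
https://huntr.dev/bounties/063a339a-5d78-40d6-a96a-6716960e8134 | x_refsource_CONFIRM |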
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified <= 2.9.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:01:08.179Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/063a339a-5d78-40d6-a96a-6716960e8134" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThanOrEqual": "2.9.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-13T09:30:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/063a339a-5d78-40d6-a96a-6716960e8134" } ], "source": { "advisory": "063a339a-5d78-40d6-a96a-6716960e8134", "discovery": "EXTERNAL" }, "title": "Cross-Site Request Forgery (CSRF) in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": 
"CVE-2021-3683", "STATE": "PUBLIC", "TITLE": "Cross-Site Request Forgery (CSRF) in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "2.9.12" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" }, { "name": "https://huntr.dev/bounties/063a339a-5d78-40d6-a96a-6716960e8134", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/063a339a-5d78-40d6-a96a-6716960e8134" } ] }, "source": { "advisory": "063a339a-5d78-40d6-a96a-6716960e8134", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3683", "datePublished": "2021-11-13T09:30:11", "dateReserved": "2021-08-05T00:00:00", "dateUpdated": "2024-08-03T17:01:08.179Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0951 (GCVE-0-2022-0951)
Vulnerability from cvelistv5
Published
2022-03-15 08:20
Modified
2024-08-02 23:47
Severity
8.2 (HIGH) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N, as scored by the CNA (@huntrdev)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.
References
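URL | Tags |
---|---|
https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3 | x_refsource_MISC |
https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932 | x_refsource_CONFIRM |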
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:43.353Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T08:20:15", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932" } ], "source": { "advisory": "b3a983a3-17f9-4aa8-92d7-8a0c92a93932", "discovery": "EXTERNAL" }, "title": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in 
star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0951", "STATE": "PUBLIC", "TITLE": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3" }, { "name": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932" } ] }, "source": { "advisory": "b3a983a3-17f9-4aa8-92d7-8a0c92a93932", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0951", "datePublished": "2022-03-15T08:20:15", "dateReserved": 
"2022-03-14T00:00:00", "dateUpdated": "2024-08-02T23:47:43.353Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-4172 (GCVE-0-2021-4172)
Vulnerability from cvelistv5
Published
2022-01-22 11:40
Modified
2024-08-03 17:16
Severity
6.5 (MEDIUM) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N, as scored by the CNA (@huntrdev)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
References
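URL | Tags |
---|---|
https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee | x_refsource_CONFIRM |
https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219 | x_refsource_MISC |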
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.10.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-22T11:40:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219" } ], "source": { "advisory": "c041b693-877b-4456-b463-19e4c9456eee", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in star7th/showdoc", 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-4172", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.2" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee" }, { "name": "https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219" } ] }, "source": { "advisory": "c041b693-877b-4456-b463-19e4c9456eee", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4172", "datePublished": "2022-01-22T11:40:10", "dateReserved": "2021-12-26T00:00:00", "dateUpdated": 
"2024-08-03T17:16:04.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0362 (GCVE-0-2022-0362)
Vulnerability from cvelistv5
Published
2022-01-26 12:40
Modified
2024-08-02 23:25
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Summary
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.10.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:25:40.489Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL Injection in Packagist showdoc/showdoc prior to 2.10.3." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-26T12:40:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fb" } ], "source": { "advisory": "e7c72417-eb8f-416c-8480-be76ac0a9091", "discovery": "EXTERNAL" }, "title": " SQL Injection in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": 
"CVE-2022-0362", "STATE": "PUBLIC", "TITLE": " SQL Injection in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.3" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL Injection in Packagist showdoc/showdoc prior to 2.10.3." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091" }, { "name": "https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fb", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fb" } ] }, "source": { "advisory": "e7c72417-eb8f-416c-8480-be76ac0a9091", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0362", "datePublished": "2022-01-26T12:40:10", "dateReserved": "2022-01-25T00:00:00", "dateUpdated": "2024-08-02T23:25:40.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-41745 (GCVE-0-2021-41745)
Vulnerability from cvelistv5
Published
2021-10-22 11:56
Modified
2024-08-04 03:15
CWE
- n/a
Summary
ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:15:29.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/purple-WL/SHOWDOC-file-upload-vulnerability" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-49480" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-22T11:56:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/purple-WL/SHOWDOC-file-upload-vulnerability" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-49480" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-41745", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/purple-WL/SHOWDOC-file-upload-vulnerability", "refsource": "MISC", "url": "https://github.com/purple-WL/SHOWDOC-file-upload-vulnerability" }, { "name": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-49480", "refsource": "MISC", "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-49480" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-41745", "datePublished": "2021-10-22T11:56:28", "dateReserved": "2021-09-27T00:00:00", "dateUpdated": "2024-08-04T03:15:29.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-19621 (GCVE-0-2018-19621)
Vulnerability from cvelistv5
Published
2018-11-28 08:00
Modified
2024-09-17 03:33
CWE
- n/a
Summary
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:19.399Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/csrf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-28T08:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/csrf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19621", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/csrf", "refsource": "MISC", "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/csrf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19621", "datePublished": "2018-11-28T08:00:00Z", "dateReserved": "2018-11-28T00:00:00Z", "dateUpdated": "2024-09-17T03:33:34.521Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-3678 (GCVE-0-2021-3678)
Vulnerability from cvelistv5
Published
2021-08-04 13:14
Modified
2024-08-03 17:01
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Summary
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified <= 2.9.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:01:07.691Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/f9a9defd-29ea-4442-b692-ff1512813de4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThanOrEqual": "2.9.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-04T13:14:29", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/f9a9defd-29ea-4442-b692-ff1512813de4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370" } ], "source": { "advisory": "f9a9defd-29ea-4442-b692-ff1512813de4", "discovery": "EXTERNAL" }, "title": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in 
star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3678", "STATE": "PUBLIC", "TITLE": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "2.9.7" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/f9a9defd-29ea-4442-b692-ff1512813de4", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/f9a9defd-29ea-4442-b692-ff1512813de4" }, { "name": "https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370" } ] }, "source": { "advisory": "f9a9defd-29ea-4442-b692-ff1512813de4", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3678", "datePublished": "2021-08-04T13:14:29", "dateReserved": 
"2021-08-03T00:00:00", "dateUpdated": "2024-08-03T17:01:07.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-3776 (GCVE-0-2021-3776)
Vulnerability from cvelistv5
Published
2021-11-13 09:20
Modified
2024-08-03 17:09
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified <= 2.9.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:08.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/e0edf27d-437e-44fe-907a-df020f385304" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThanOrEqual": "2.9.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-13T09:20:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/e0edf27d-437e-44fe-907a-df020f385304" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" } ], "source": { "advisory": "e0edf27d-437e-44fe-907a-df020f385304", "discovery": "EXTERNAL" }, "title": "Cross-Site Request Forgery (CSRF) in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": 
"CVE-2021-3776", "STATE": "PUBLIC", "TITLE": "Cross-Site Request Forgery (CSRF) in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "2.9.12" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/e0edf27d-437e-44fe-907a-df020f385304", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/e0edf27d-437e-44fe-907a-df020f385304" }, { "name": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" } ] }, "source": { "advisory": "e0edf27d-437e-44fe-907a-df020f385304", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3776", "datePublished": "2021-11-13T09:20:10", "dateReserved": "2021-09-06T00:00:00", "dateUpdated": "2024-08-03T17:09:08.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0957 (GCVE-0-2022-0957)
Vulnerability from cvelistv5
Published
2022-03-15 12:30
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.901Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T12:30:12", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb" } ], "source": { "advisory": "b4918d45-b635-40db-bb4b-34035e1aca21", "discovery": "EXTERNAL" }, "title": "Stored XSS via File Upload in star7th/showdoc", "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0957", "STATE": "PUBLIC", "TITLE": "Stored XSS via File Upload in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21" }, { "name": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb" } ] }, "source": { "advisory": "b4918d45-b635-40db-bb4b-34035e1aca21", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0957", "datePublished": "2022-03-15T12:30:12", "dateReserved": "2022-03-14T00:00:00", "dateUpdated": "2024-08-02T23:47:42.901Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0940 (GCVE-0-2022-0940)
Vulnerability from cvelistv5
Published
2022-03-14 10:45
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < v2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:43.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "v2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-14T10:45:12", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73" } ], "source": { "advisory": "856bd2e2-db4f-4b7d-9927-222261ae3782", "discovery": "EXTERNAL" }, "title": "Stored XSS due to Unrestricted File Upload in 
star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0940", "STATE": "PUBLIC", "TITLE": "Stored XSS due to Unrestricted File Upload in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "v2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782" }, { "name": "https://github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73" } ] }, "source": { "advisory": "856bd2e2-db4f-4b7d-9927-222261ae3782", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0940", "datePublished": "2022-03-14T10:45:12", "dateReserved": 
"2022-03-13T00:00:00", "dateUpdated": "2024-08-02T23:47:43.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-4000 (GCVE-0-2021-4000)
Vulnerability from cvelistv5
Published
2021-12-03 10:45
Modified
2024-08-03 17:16
CWE
- CWE-601 - URL Redirection to Untrusted Site
Summary
showdoc is vulnerable to URL Redirection to Untrusted Site
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.9.13 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:02.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/e4d803e0-3104-432c-80b3-34bc453c8962" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/c7f10033eba5f2b5a537f9af9ba2379138e67138" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.9.13", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to URL Redirection to Untrusted Site" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-03T10:45:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/e4d803e0-3104-432c-80b3-34bc453c8962" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/c7f10033eba5f2b5a537f9af9ba2379138e67138" } ], "source": { "advisory": "e4d803e0-3104-432c-80b3-34bc453c8962", "discovery": "EXTERNAL" }, "title": "Open Redirect in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-4000", "STATE": "PUBLIC", "TITLE": 
"Open Redirect in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.9.13" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "showdoc is vulnerable to URL Redirection to Untrusted Site" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-601 URL Redirection to Untrusted Site" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/e4d803e0-3104-432c-80b3-34bc453c8962", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/e4d803e0-3104-432c-80b3-34bc453c8962" }, { "name": "https://github.com/star7th/showdoc/commit/c7f10033eba5f2b5a537f9af9ba2379138e67138", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/c7f10033eba5f2b5a537f9af9ba2379138e67138" } ] }, "source": { "advisory": "e4d803e0-3104-432c-80b3-34bc453c8962", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4000", "datePublished": "2021-12-03T10:45:11", "dateReserved": "2021-11-22T00:00:00", "dateUpdated": "2024-08-03T17:16:02.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-0520 (GCVE-0-2025-0520)
Vulnerability from cvelistv5
Published
2025-04-29 19:35
Modified
2025-04-29 20:41
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc before 2.8.7.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0520", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-29T20:38:44.727309Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-29T20:41:34.177Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "ShowDoc", "vendor": "ShowDoc", "versions": [ { "lessThan": "2.8.7", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.\u003cp\u003eThis issue affects ShowDoc: before 2.8.7.\u003c/p\u003e" } ], "value": "An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7." 
} ], "impacts": [ { "capecId": "CAPEC-650", "descriptions": [ { "lang": "en", "value": "CAPEC-650 Upload a Web Shell to a Web Server" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.4, "baseSeverity": "CRITICAL", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-29T19:49:30.316Z", "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck" }, "references": [ { "tags": [ "exploit" ], "url": "https://github.com/vulhub/vulhub/tree/master/showdoc/CNVD-2020-26585" }, { "tags": [ "patch", "issue-tracking" ], "url": "https://github.com/star7th/showdoc/pull/1059" }, { "tags": [ "third-party-advisory" ], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-26585" } ], "source": { "discovery": "UNKNOWN" }, "title": "ShowDoc Unauthenticated File Upload Remote Code Execution", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "assignerShortName": "VulnCheck", "cveId": "CVE-2025-0520", "datePublished": "2025-04-29T19:35:37.829Z", "dateReserved": "2025-01-16T17:23:23.838Z", "dateUpdated": "2025-04-29T20:41:34.177Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0965 (GCVE-0-2022-0965)
Vulnerability from cvelistv5
Published
2022-03-15 15:35
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Stored XSS via .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Impacted products
Vendor | Product | Version
---|---|---
star7th | star7th/showdoc | unspecified < 2.10.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.789Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T15:35:23", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347" } ], "source": { "advisory": "d66c88ce-63e2-4515-a429-8e43a42aa347", "discovery": "EXTERNAL" }, "title": "Stored XSS viva .ofd file upload in star7th/showdoc", 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0965", "STATE": "PUBLIC", "TITLE": "Stored XSS viva .ofd file upload in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "name": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347" } ] }, "source": { "advisory": "d66c88ce-63e2-4515-a429-8e43a42aa347", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0965", "datePublished": "2022-03-15T15:35:23", "dateReserved": "2022-03-14T00:00:00", "dateUpdated": 
"2024-08-02T23:47:42.789Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0079 (GCVE-0-2022-0079)
Vulnerability from cvelistv5
Published
2022-01-03 03:00
Modified
2024-08-02 23:18
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information
Impacted products
Vendor | Product | Version
---|---|---
star7th | star7th/showdoc | unspecified < 2.10.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:18:41.565Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/b37f0e26-355a-4d50-8495-a567c10828ee" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/e43df0a190f68aefa272507d3bd54475f566c1db" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Generation of Error Message Containing Sensitive Information" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-03T03:00:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/b37f0e26-355a-4d50-8495-a567c10828ee" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/e43df0a190f68aefa272507d3bd54475f566c1db" } ], "source": { "advisory": "b37f0e26-355a-4d50-8495-a567c10828ee", "discovery": "EXTERNAL" }, "title": "Generation of Error Message Containing Sensitive Information in star7th/showdoc", "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0079", "STATE": "PUBLIC", "TITLE": "Generation of Error Message Containing Sensitive Information in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.0" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "showdoc is vulnerable to Generation of Error Message Containing Sensitive Information" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-209 Generation of Error Message Containing Sensitive Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/b37f0e26-355a-4d50-8495-a567c10828ee", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/b37f0e26-355a-4d50-8495-a567c10828ee" }, { "name": "https://github.com/star7th/showdoc/commit/e43df0a190f68aefa272507d3bd54475f566c1db", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/e43df0a190f68aefa272507d3bd54475f566c1db" } ] }, "source": { "advisory": "b37f0e26-355a-4d50-8495-a567c10828ee", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0079", "datePublished": "2022-01-03T03:00:11", "dateReserved": "2022-01-01T00:00:00", "dateUpdated": "2024-08-02T23:18:41.565Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0945 (GCVE-0-2022-0945)
Vulnerability from cvelistv5
Published
2022-03-15 03:50
Modified
2024-08-02 23:47
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Stored XSS via axd and cshtml file upload in GitHub repository star7th/showdoc prior to v2.10.4.
Impacted products
Vendor | Product | Version
---|---|---
star7th | star7th/showdoc | unspecified < v2.10.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.758Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "v2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T03:50:35", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891" } ], "source": { "advisory": "8702e2bf-4af2-4391-b651-c8c89e7d089e", "discovery": "EXTERNAL" }, "title": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc", 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0945", "STATE": "PUBLIC", "TITLE": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "v2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e" }, { "name": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891" } ] }, "source": { "advisory": "8702e2bf-4af2-4391-b651-c8c89e7d089e", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0945", "datePublished": "2022-03-15T03:50:35", "dateReserved": "2022-03-14T00:00:00", 
"dateUpdated": "2024-08-02T23:47:42.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-4168 (GCVE-0-2021-4168)
Vulnerability from cvelistv5
Published
2021-12-26 13:20
Modified
2024-08-03 17:16
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Impacted products
Vendor | Product | Version
---|---|---
star7th | star7th/showdoc | unspecified < 2.9.15
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.237Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/f14431e2-f1f6-4331-ba91-a4ea8b26be0c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/3ff0c85d439ccbdfadeb96b5a52acf6318041109" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.9.15", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-26T13:20:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/f14431e2-f1f6-4331-ba91-a4ea8b26be0c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/3ff0c85d439ccbdfadeb96b5a52acf6318041109" } ], "source": { "advisory": "f14431e2-f1f6-4331-ba91-a4ea8b26be0c", "discovery": "EXTERNAL" }, "title": "Cross-Site Request Forgery (CSRF) in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-4168", 
"STATE": "PUBLIC", "TITLE": "Cross-Site Request Forgery (CSRF) in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.9.15" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/f14431e2-f1f6-4331-ba91-a4ea8b26be0c", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/f14431e2-f1f6-4331-ba91-a4ea8b26be0c" }, { "name": "https://github.com/star7th/showdoc/commit/3ff0c85d439ccbdfadeb96b5a52acf6318041109", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/3ff0c85d439ccbdfadeb96b5a52acf6318041109" } ] }, "source": { "advisory": "f14431e2-f1f6-4331-ba91-a4ea8b26be0c", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4168", "datePublished": "2021-12-26T13:20:10", "dateReserved": "2021-12-25T00:00:00", "dateUpdated": "2024-08-03T17:16:04.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0946 (GCVE-0-2022-0946)
Vulnerability from cvelistv5
Published
2022-03-14 13:20
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Stored XSS via cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.
Impacted products
Vendor | Product | Version
---|---|---
star7th | star7th/showdoc | unspecified < v2.10.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "v2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-14T13:20:08", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a" } ], "source": { "advisory": "1f8f0021-396e-428e-9748-dd4e359715e1", "discovery": "EXTERNAL" }, "title": "Stored XSS viva cshtm file upload in star7th/showdoc", 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0946", "STATE": "PUBLIC", "TITLE": "Stored XSS viva cshtm file upload in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "v2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1" }, { "name": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a" } ] }, "source": { "advisory": "1f8f0021-396e-428e-9748-dd4e359715e1", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0946", "datePublished": "2022-03-14T13:20:08", "dateReserved": "2022-03-14T00:00:00", "dateUpdated": 
"2024-08-02T23:47:42.965Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0409 (GCVE-0-2022-0409)
Vulnerability from cvelistv5
Published
2022-02-19 04:35
Modified
2024-08-02 23:25
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.
Impacted products
Vendor | Product | Version
---|---|---
star7th | star7th/showdoc | unspecified < 2.10.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:25:40.441Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-19T04:35:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436" } ], "source": { "advisory": "c25bfad1-2611-4226-954f-009e50f966f7", "discovery": "EXTERNAL" }, "title": "Unrestricted Upload of File with Dangerous Type in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { 
"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0409", "STATE": "PUBLIC", "TITLE": "Unrestricted Upload of File with Dangerous Type in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.2" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7" }, { "name": "https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436" } ] }, "source": { "advisory": "c25bfad1-2611-4226-954f-009e50f966f7", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0409", "datePublished": "2022-02-19T04:35:10", "dateReserved": "2022-01-29T00:00:00", "dateUpdated": "2024-08-02T23:25:40.441Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
CVE-2018-19620 (GCVE-0-2018-19620)
Vulnerability from cvelistv5
Published
2018-11-28 08:00
Modified
2024-09-16 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
References
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:19.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl#0x02-modify" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/issues/397" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/bcdb5e3519285bdf81e618b3c9b90d22bc49e13c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ShowDoc 2.4.1 allows remote attackers to edit other users\u0027 notes by navigating with a modified page_id." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-28T08:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl#0x02-modify" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/issues/397" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/bcdb5e3519285bdf81e618b3c9b90d22bc49e13c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19620", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ShowDoc 2.4.1 allows 
remote attackers to edit other users\u0027 notes by navigating with a modified page_id." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl#0x02-modify", "refsource": "MISC", "url": "https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl#0x02-modify" }, { "name": "https://github.com/star7th/showdoc/issues/397", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/issues/397" }, { "name": "https://github.com/star7th/showdoc/commit/bcdb5e3519285bdf81e618b3c9b90d22bc49e13c", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/bcdb5e3519285bdf81e618b3c9b90d22bc49e13c" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19620", "datePublished": "2018-11-28T08:00:00Z", "dateReserved": "2018-11-28T00:00:00Z", "dateUpdated": "2024-09-16T17:19:05.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-3775 (GCVE-0-2021-3775)
Vulnerability from cvelistv5
Published
2021-11-13 09:25
Modified
2024-08-03 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified <= 2.9.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:08.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/6a59d203-4ca7-4aed-bdb9-1e39b66c77b3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThanOrEqual": "2.9.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-13T09:25:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/6a59d203-4ca7-4aed-bdb9-1e39b66c77b3" } ], "source": { "advisory": "6a59d203-4ca7-4aed-bdb9-1e39b66c77b3", "discovery": "EXTERNAL" }, "title": "Cross-Site Request Forgery (CSRF) in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": 
"CVE-2021-3775", "STATE": "PUBLIC", "TITLE": "Cross-Site Request Forgery (CSRF) in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "2.9.12" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351" }, { "name": "https://huntr.dev/bounties/6a59d203-4ca7-4aed-bdb9-1e39b66c77b3", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/6a59d203-4ca7-4aed-bdb9-1e39b66c77b3" } ] }, "source": { "advisory": "6a59d203-4ca7-4aed-bdb9-1e39b66c77b3", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3775", "datePublished": "2021-11-13T09:25:10", "dateReserved": "2021-09-06T00:00:00", "dateUpdated": "2024-08-03T17:09:08.744Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-3990 (GCVE-0-2021-3990)
Vulnerability from cvelistv5
Published
2021-12-01 10:50
Modified
2024-08-03 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Summary
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.9.13 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:03.673Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.9.13", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-01T10:50:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0" } ], "source": { "advisory": "0680067d-56a7-4412-b06e-a267e850ae9f", "discovery": "EXTERNAL" }, "title": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc", 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3990", "STATE": "PUBLIC", "TITLE": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.9.13" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)" } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f" }, { "name": "https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0" } ] }, "source": { "advisory": "0680067d-56a7-4412-b06e-a267e850ae9f", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3990", "datePublished": "2021-12-01T10:50:10", "dateReserved": "2021-11-20T00:00:00", "dateUpdated": 
"2024-08-03T17:16:03.673Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-1034 (GCVE-0-2022-1034)
Vulnerability from cvelistv5
Published
2022-03-22 07:55
Modified
2024-08-02 23:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:43.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-22T07:55:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b" } ], "source": { "advisory": "d205c489-3266-4ac4-acb7-c8ee570887f7", "discovery": "EXTERNAL" }, "title": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in 
star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1034", "STATE": "PUBLIC", "TITLE": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7" }, { "name": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b" } ] }, "source": { "advisory": "d205c489-3266-4ac4-acb7-c8ee570887f7", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1034", "datePublished": "2022-03-22T07:55:10", "dateReserved": 
"2022-03-21T00:00:00", "dateUpdated": "2024-08-02T23:47:43.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0880 (GCVE-0-2022-0880)
Vulnerability from cvelistv5
Published
2022-03-12 03:55
Modified
2024-08-02 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.10.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:04.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/818d7fe731f452acccacf731ce47ec27ad68049c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-12T03:55:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/818d7fe731f452acccacf731ce47ec27ad68049c" } ], "source": { "advisory": "df347aa9-ed9b-4f75-af99-c83b8aad3bcf", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Stored in star7th/showdoc", 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0880", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.2" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf" }, { "name": "https://github.com/star7th/showdoc/commit/818d7fe731f452acccacf731ce47ec27ad68049c", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/818d7fe731f452acccacf731ce47ec27ad68049c" } ] }, "source": { "advisory": "df347aa9-ed9b-4f75-af99-c83b8aad3bcf", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0880", "datePublished": "2022-03-12T03:55:10", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": 
"2024-08-02T23:40:04.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0941 (GCVE-0-2022-0941)
Vulnerability from cvelistv5
Published
2022-03-14 12:25
Modified
2024-08-02 23:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < v2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:43.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "v2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-14T12:25:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f" } ], "source": { "advisory": "040a910e-e689-4fcb-9e4f-95206515d1bc", "discovery": "EXTERNAL" }, "title": "Stored XSS due to Unrestricted File Upload in star7th/showdoc", 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0941", "STATE": "PUBLIC", "TITLE": "Stored XSS due to Unrestricted File Upload in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "v2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc" }, { "name": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f" } ] }, "source": { "advisory": "040a910e-e689-4fcb-9e4f-95206515d1bc", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0941", "datePublished": "2022-03-14T12:25:09", "dateReserved": "2022-03-13T00:00:00", 
"dateUpdated": "2024-08-02T23:47:43.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-3680 (GCVE-0-2021-3680)
Vulnerability from cvelistv5
Published
2021-08-04 12:50
Modified
2024-08-03 17:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-325 - Missing Cryptographic Step
Summary
showdoc is vulnerable to Missing Cryptographic Step
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified <= 2.9.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:01:08.348Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/76b49607-fba9-4100-9be7-cb459fe6cfe2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThanOrEqual": "2.9.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Missing Cryptographic Step" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-325", "description": "CWE-325 Missing Cryptographic Step", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-04T12:50:47", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/76b49607-fba9-4100-9be7-cb459fe6cfe2" } ], "source": { "advisory": "76b49607-fba9-4100-9be7-cb459fe6cfe2", "discovery": "EXTERNAL" }, "title": "Missing Cryptographic Step in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3680", "STATE": "PUBLIC", 
"TITLE": "Missing Cryptographic Step in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "2.9.7" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "showdoc is vulnerable to Missing Cryptographic Step" } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-325 Missing Cryptographic Step" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370" }, { "name": "https://huntr.dev/bounties/76b49607-fba9-4100-9be7-cb459fe6cfe2", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/76b49607-fba9-4100-9be7-cb459fe6cfe2" } ] }, "source": { "advisory": "76b49607-fba9-4100-9be7-cb459fe6cfe2", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3680", "datePublished": "2021-08-04T12:50:47", "dateReserved": "2021-08-03T00:00:00", "dateUpdated": "2024-08-03T17:01:08.348Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-4017 (GCVE-0-2021-4017)
Vulnerability from cvelistv5
Published
2021-12-01 10:15
Modified
2024-08-03 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < v2.9.13 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:03.760Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "v2.9.13", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-01T10:15:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871" } ], "source": { "advisory": "1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd", "discovery": "EXTERNAL" }, "title": "Cross-Site Request Forgery (CSRF) in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-4017", 
"STATE": "PUBLIC", "TITLE": "Cross-Site Request Forgery (CSRF) in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "v2.9.13" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd" }, { "name": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871" } ] }, "source": { "advisory": "1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4017", "datePublished": "2021-12-01T10:15:11", "dateReserved": "2021-11-25T00:00:00", "dateUpdated": "2024-08-03T17:16:03.760Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0960 (GCVE-0-2022-0960)
Vulnerability from cvelistv5
Published
2022-03-14 14:45
Modified
2024-08-02 23:47
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-14T14:45:13", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f" } ], "source": { "advisory": "462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e", "discovery": "EXTERNAL" }, "title": "Stored XSS viva .properties file upload in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { 
"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0960", "STATE": "PUBLIC", "TITLE": "Stored XSS viva .properties file upload in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e" }, { "name": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f" } ] }, "source": { "advisory": "462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0960", "datePublished": "2022-03-14T14:45:13", "dateReserved": "2022-03-14T00:00:00", "dateUpdated": "2024-08-02T23:47:42.832Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
CVE-2021-36440 (GCVE-0-2021-36440)
Vulnerability from cvelistv5
Published
2021-09-08 20:18
Modified
2024-08-04 00:54
CWE
- n/a
Summary
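Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component 'AdminUpdateController.class.php'. The record's structured vendor, product and version fields are all "n/a", so the affected version (v2.9.5) is stated only in this description and will not be matched by tooling that relies on those fields.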
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:54:51.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/issues/1406" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the \u0027file_url\u0027 parameter in the component AdminUpdateController.class.php\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-08T20:18:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/issues/1406" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-36440", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the \u0027file_url\u0027 parameter in the component AdminUpdateController.class.php\u0027." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/star7th/showdoc/issues/1406", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/issues/1406" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-36440", "datePublished": "2021-09-08T20:18:25", "dateReserved": "2021-07-12T00:00:00", "dateUpdated": "2024-08-04T00:54:51.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0967 (GCVE-0-2022-0967)
Vulnerability from cvelistv5
Published
2022-03-15 15:35
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
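Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. The CNA-supplied CVSS vector in the record (AV:P/AC:H/PR:H/UI:N, base score 6.9) describes a physical-access attack that needs no user interaction, which is hard to reconcile with a stored XSS delivered through a web upload; check the score against your own deployment before using it for prioritisation.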
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-17T18:06:14", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html" } ], "source": { "advisory": "9dea3c98-7609-480d-902d-149067bd1e2a", "discovery": "EXTERNAL" }, "title": " Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0967", "STATE": "PUBLIC", "TITLE": " Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub 
repository star7th/showdoc prior to 2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "name": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a" }, { "name": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html" } ] }, "source": { "advisory": "9dea3c98-7609-480d-902d-149067bd1e2a", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0967", "datePublished": "2022-03-15T15:35:11", "dateReserved": "2022-03-14T00:00:00", "dateUpdated": "2024-08-02T23:47:42.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0950 (GCVE-0-2022-0950)
Vulnerability from cvelistv5
Published
2022-03-15 08:20
Modified
2024-08-02 23:47
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:43.257Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T08:20:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3" } ], "source": { "advisory": "acc23996-bd57-448f-9eb4-05a8a046c2dc", "discovery": "EXTERNAL" }, "title": "Unrestricted Upload of File with Dangerous Type in star7th/showdoc", "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0950", "STATE": "PUBLIC", "TITLE": "Unrestricted Upload of File with Dangerous Type in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc" }, { "name": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3" } ] }, "source": { "advisory": "acc23996-bd57-448f-9eb4-05a8a046c2dc", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0950", "datePublished": "2022-03-15T08:20:10", "dateReserved": "2022-03-14T00:00:00", "dateUpdated": "2024-08-02T23:47:43.257Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0942 (GCVE-0-2022-0942)
Vulnerability from cvelistv5
Published
2022-03-15 13:40
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
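Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. The CNA-supplied CVSS vector in the record (PR:N/UI:N/S:U, base score 9.4) assumes no privileges and no user interaction, while CVE-2022-0964 and CVE-2022-0962, which reference the same fix commit, are scored PR:L/UI:R/S:C; treat these scores as inconsistent CNA estimates rather than comparable measurements.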
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:43.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T13:40:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9" } ], "source": { "advisory": "a412707c-18da-4c84-adc0-9801ed8068c9", "discovery": "EXTERNAL" }, "title": "Stored XSS due to Unrestricted File Upload in 
star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0942", "STATE": "PUBLIC", "TITLE": "Stored XSS due to Unrestricted File Upload in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "name": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9" } ] }, "source": { "advisory": "a412707c-18da-4c84-adc0-9801ed8068c9", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0942", "datePublished": "2022-03-15T13:40:10", "dateReserved": 
"2022-03-13T00:00:00", "dateUpdated": "2024-08-02T23:47:43.008Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0964 (GCVE-0-2022-0964)
Vulnerability from cvelistv5
Published
2022-03-15 15:35
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Stored XSS via .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:43.228Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T15:35:29", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0" } ], "source": { "advisory": "dbe39998-8eb7-46ea-997f-7b27f6f16ea0", "discovery": "EXTERNAL" }, "title": "Stored XSS viva .webmv file upload in star7th/showdoc", 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0964", "STATE": "PUBLIC", "TITLE": "Stored XSS viva .webmv file upload in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "name": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0" } ] }, "source": { "advisory": "dbe39998-8eb7-46ea-997f-7b27f6f16ea0", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0964", "datePublished": "2022-03-15T15:35:29", "dateReserved": "2022-03-14T00:00:00", "dateUpdated": 
"2024-08-02T23:47:43.228Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-3993 (GCVE-0-2021-3993)
Vulnerability from cvelistv5
Published
2021-12-01 10:40
Modified
2024-08-03 17:16
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < v2.9.13 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:02.867Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/0aa84736-139b-4ae7-becf-604f7f60b1c9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "v2.9.13", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-01T10:40:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/0aa84736-139b-4ae7-becf-604f7f60b1c9" } ], "source": { "advisory": "0aa84736-139b-4ae7-becf-604f7f60b1c9", "discovery": "EXTERNAL" }, "title": "Cross-Site Request Forgery (CSRF) in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3993", 
"STATE": "PUBLIC", "TITLE": "Cross-Site Request Forgery (CSRF) in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "v2.9.13" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871" }, { "name": "https://huntr.dev/bounties/0aa84736-139b-4ae7-becf-604f7f60b1c9", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/0aa84736-139b-4ae7-becf-604f7f60b1c9" } ] }, "source": { "advisory": "0aa84736-139b-4ae7-becf-604f7f60b1c9", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3993", "datePublished": "2021-12-01T10:40:09", "dateReserved": "2021-11-22T00:00:00", "dateUpdated": "2024-08-03T17:16:02.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0962 (GCVE-0-2022-0962)
Vulnerability from cvelistv5
Published
2022-03-14 15:30
Modified
2024-08-02 23:47
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Stored XSS via .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.908Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.10.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-14T15:30:14", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" } ], "source": { "advisory": "7ebe3e5f-2c86-44de-b83e-2ddb6bbda908", "discovery": "EXTERNAL" }, "title": "Stored XSS viva .webma file upload in star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": 
"security@huntr.dev", "ID": "CVE-2022-0962", "STATE": "PUBLIC", "TITLE": "Stored XSS viva .webma file upload in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.10.4" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908" }, { "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" } ] }, "source": { "advisory": "7ebe3e5f-2c86-44de-b83e-2ddb6bbda908", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0962", "datePublished": "2022-03-14T15:30:15", "dateReserved": "2022-03-14T00:00:00", "dateUpdated": "2024-08-02T23:47:42.908Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0966 (GCVE-0-2022-0966)
Vulnerability from cvelistv5
Published
2022-03-15 15:35
Modified
2024-08-02 23:47
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
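Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10.
Note: the version bound "2.4.10" in this record may be a transposition. Its fix commit (3caa32334db0c277b84e993eaca2036f5d1dbef8) is the same one cited for CVE-2022-0962, whose record gives the fixed version as 2.10.4. Confirm which release contains that commit before treating any version at or above 2.4.10 as patched.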
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
star7th | star7th/showdoc |
Version: unspecified < 2.4.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "star7th/showdoc", "vendor": "star7th", "versions": [ { "lessThan": "2.4.10", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-15T15:35:17", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe" } ], "source": { "advisory": "e06c0d55-00a3-4f82-a009-0310b2e402fe", "discovery": "EXTERNAL" }, "title": "Stored XSS via File Upload in star7th/showdoc in 
star7th/showdoc", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0966", "STATE": "PUBLIC", "TITLE": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "star7th/showdoc", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.4.10" } ] } } ] }, "vendor_name": "star7th" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8", "refsource": "MISC", "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8" }, { "name": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe" } ] }, "source": { "advisory": "e06c0d55-00a3-4f82-a009-0310b2e402fe", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0966", "datePublished": "2022-03-15T15:35:17", "dateReserved": 
"2022-03-14T00:00:00", "dateUpdated": "2024-08-02T23:47:42.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }