42 vulnerabilities by showdoc
CVE-2025-0520 (GCVE-0-2025-0520)
Vulnerability from cvelistv5 – Published: 2025-04-29 19:35 – Updated: 2025-11-19 20:29
Title
ShowDoc < 2.8.7 Unauthenticated File Upload Remote Code Execution
Summary
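An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc: before 2.8.7. The title describes the upload as unauthenticated, while the CVSS 4.0 vector in this record sets PR:L (low privileges required); confirm which applies to your deployment when prioritising. The record marks 2.8.7 and later as unaffected by this CVE only; the 2022 entries listed on this page affect later releases (most list versions before 2.10.4).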
Severity ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
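| URL | Tags |
|---|---|
| https://github.com/vulhub/vulhub/tree/master/showdoc/CNVD-2020-26585 | exploit |
| https://github.com/star7th/showdoc/pull/1059 | patch, issue-tracking |
| https://www.cnvd.org.cn/flaw/show/CNVD-2020-26585 | third-party-advisory |
| https://www.vulncheck.com/advisories/showdoc-unauthenticated-file-upload-rce | third-party-advisory |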
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0520",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T20:38:44.727309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T20:41:34.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ShowDoc",
"vendor": "ShowDoc",
"versions": [
{
"lessThan": "2.8.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8.7",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.\u003cp\u003eThis issue affects ShowDoc: before 2.8.7.\u003c/p\u003e"
}
],
"value": "An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7."
}
],
"impacts": [
{
"capecId": "CAPEC-650",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-650 Upload a Web Shell to a Web Server"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T20:29:09.159Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/vulhub/vulhub/tree/master/showdoc/CNVD-2020-26585"
},
{
"tags": [
"patch",
"issue-tracking"
],
"url": "https://github.com/star7th/showdoc/pull/1059"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-26585"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/showdoc-unauthenticated-file-upload-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ShowDoc \u003c 2.8.7 Unauthenticated File Upload Remote Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-0520",
"datePublished": "2025-04-29T19:35:37.829Z",
"dateReserved": "2025-01-16T17:23:23.838Z",
"dateUpdated": "2025-11-19T20:29:09.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1034 (GCVE-0-2022-1034)
Vulnerability from cvelistv5 – Published: 2022-03-22 07:55 – Updated: 2024-08-02 23:47
Title
There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc
Summary
There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.
Severity ?
9.1 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
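| URL | Tags |
|---|---|
| https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7 | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b | x_refsource_MISC |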
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-22T07:55:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b"
}
],
"source": {
"advisory": "d205c489-3266-4ac4-acb7-c8ee570887f7",
"discovery": "EXTERNAL"
},
"title": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1034",
"STATE": "PUBLIC",
"TITLE": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7"
},
{
"name": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b"
}
]
},
"source": {
"advisory": "d205c489-3266-4ac4-acb7-c8ee570887f7",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1034",
"datePublished": "2022-03-22T07:55:10",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0964 (GCVE-0-2022-0964)
Vulnerability from cvelistv5 – Published: 2022-03-15 15:35 – Updated: 2024-08-02 23:47
Title
Stored XSS via .webmv file upload in star7th/showdoc
Summary
Stored XSS via .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
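| URL | Tags |
|---|---|
| https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | x_refsource_MISC |
| https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0 | x_refsource_CONFIRM |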
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T15:35:29",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0"
}
],
"source": {
"advisory": "dbe39998-8eb7-46ea-997f-7b27f6f16ea0",
"discovery": "EXTERNAL"
},
"title": "Stored XSS viva .webmv file upload in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0964",
"STATE": "PUBLIC",
"TITLE": "Stored XSS viva .webmv file upload in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"name": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0"
}
]
},
"source": {
"advisory": "dbe39998-8eb7-46ea-997f-7b27f6f16ea0",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0964",
"datePublished": "2022-03-15T15:35:29",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0965 (GCVE-0-2022-0965)
Vulnerability from cvelistv5 – Published: 2022-03-15 15:35 – Updated: 2024-08-02 23:47
Title
Stored XSS via .ofd file upload in star7th/showdoc
Summary
Stored XSS via .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Severity ?
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
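| URL | Tags |
|---|---|
| https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | x_refsource_MISC |
| https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347 | x_refsource_CONFIRM |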
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T15:35:23",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347"
}
],
"source": {
"advisory": "d66c88ce-63e2-4515-a429-8e43a42aa347",
"discovery": "EXTERNAL"
},
"title": "Stored XSS viva .ofd file upload in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0965",
"STATE": "PUBLIC",
"TITLE": "Stored XSS viva .ofd file upload in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"name": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347"
}
]
},
"source": {
"advisory": "d66c88ce-63e2-4515-a429-8e43a42aa347",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0965",
"datePublished": "2022-03-15T15:35:23",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0966 (GCVE-0-2022-0966)
Vulnerability from cvelistv5 – Published: 2022-03-15 15:35 – Updated: 2024-08-02 23:47
Title
Stored XSS via File Upload in star7th/showdoc in star7th/showdoc
Summary
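Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10. The record gives the fixed version as 2.4.10, whereas the other 2022 entries on this page that cite the same fix commit (3caa32334db0c277b84e993eaca2036f5d1dbef8) give 2.10.4; the value may be a transposition, so check an installation against the referenced commit rather than the version string alone.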
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
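| URL | Tags |
|---|---|
| https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | x_refsource_MISC |
| https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe | x_refsource_CONFIRM |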
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.4.10 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.4.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T15:35:17",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe"
}
],
"source": {
"advisory": "e06c0d55-00a3-4f82-a009-0310b2e402fe",
"discovery": "EXTERNAL"
},
"title": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0966",
"STATE": "PUBLIC",
"TITLE": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.4.10"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"name": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe"
}
]
},
"source": {
"advisory": "e06c0d55-00a3-4f82-a009-0310b2e402fe",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0966",
"datePublished": "2022-03-15T15:35:17",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0967 (GCVE-0-2022-0967)
Vulnerability from cvelistv5 – Published: 2022-03-15 15:35 – Updated: 2024-08-02 23:47
Title
Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc
Summary
Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.
Severity ?
6.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
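| URL | Tags |
|---|---|
| https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | x_refsource_MISC |
| https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html | x_refsource_MISC |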
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-17T18:06:14",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html"
}
],
"source": {
"advisory": "9dea3c98-7609-480d-902d-149067bd1e2a",
"discovery": "EXTERNAL"
},
"title": " Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0967",
"STATE": "PUBLIC",
"TITLE": " Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"name": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a"
},
{
"name": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html"
}
]
},
"source": {
"advisory": "9dea3c98-7609-480d-902d-149067bd1e2a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0967",
"datePublished": "2022-03-15T15:35:11",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0942 (GCVE-0-2022-0942)
Vulnerability from cvelistv5 – Published: 2022-03-15 13:40 – Updated: 2024-08-02 23:47
Title
Stored XSS due to Unrestricted File Upload in star7th/showdoc
Summary
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
Severity ?
9.4 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
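| URL | Tags |
|---|---|
| https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | x_refsource_MISC |
| https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9 | x_refsource_CONFIRM |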
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T13:40:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9"
}
],
"source": {
"advisory": "a412707c-18da-4c84-adc0-9801ed8068c9",
"discovery": "EXTERNAL"
},
"title": "Stored XSS due to Unrestricted File Upload in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0942",
"STATE": "PUBLIC",
"TITLE": "Stored XSS due to Unrestricted File Upload in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
},
{
"name": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9"
}
]
},
"source": {
"advisory": "a412707c-18da-4c84-adc0-9801ed8068c9",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0942",
"datePublished": "2022-03-15T13:40:10",
"dateReserved": "2022-03-13T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0957 (GCVE-0-2022-0957)
Vulnerability from cvelistv5 – Published: 2022-03-15 12:30 – Updated: 2024-08-02 23:47
Title
Stored XSS via File Upload in star7th/showdoc
Summary
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
Severity ?
7.6 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
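| URL | Tags |
|---|---|
| https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21 | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb | x_refsource_MISC |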
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T12:30:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb"
}
],
"source": {
"advisory": "b4918d45-b635-40db-bb4b-34035e1aca21",
"discovery": "EXTERNAL"
},
"title": "Stored XSS via File Upload in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0957",
"STATE": "PUBLIC",
"TITLE": "Stored XSS via File Upload in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21"
},
{
"name": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb"
}
]
},
"source": {
"advisory": "b4918d45-b635-40db-bb4b-34035e1aca21",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0957",
"datePublished": "2022-03-15T12:30:12",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0956 (GCVE-0-2022-0956)
Vulnerability from cvelistv5 – Published: 2022-03-15 12:20 – Updated: 2024-08-02 23:47
Title
Stored XSS via File Upload in star7th/showdoc
Summary
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
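| URL | Tags |
|---|---|
| https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2 | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13 | x_refsource_MISC |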
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < v.2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "v.2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T12:20:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13"
}
],
"source": {
"advisory": "5b0e3f02-309f-4b59-8020-d7ac0f1999f2",
"discovery": "EXTERNAL"
},
"title": "Stored XSS via File Upload in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0956",
"STATE": "PUBLIC",
"TITLE": "Stored XSS via File Upload in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v.2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2"
},
{
"name": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13"
}
]
},
"source": {
"advisory": "5b0e3f02-309f-4b59-8020-d7ac0f1999f2",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0956",
"datePublished": "2022-03-15T12:20:10",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0951 (GCVE-0-2022-0951)
Vulnerability from cvelistv5 – Published: 2022-03-15 08:20 – Updated: 2024-08-02 23:47
Title
File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc
Summary
File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.
Severity ?
8.2 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
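| URL | Tags |
|---|---|
| https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3 | x_refsource_MISC |
| https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932 | x_refsource_CONFIRM |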
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T08:20:15",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932"
}
],
"source": {
"advisory": "b3a983a3-17f9-4aa8-92d7-8a0c92a93932",
"discovery": "EXTERNAL"
},
"title": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0951",
"STATE": "PUBLIC",
"TITLE": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
},
{
"name": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932"
}
]
},
"source": {
"advisory": "b3a983a3-17f9-4aa8-92d7-8a0c92a93932",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0951",
"datePublished": "2022-03-15T08:20:15",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0950 (GCVE-0-2022-0950)
Vulnerability from cvelistv5 – Published: 2022-03-15 08:20 – Updated: 2024-08-02 23:47
Title
Unrestricted Upload of File with Dangerous Type in star7th/showdoc
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.
Severity ?
6.5 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
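| URL | Tags |
|---|---|
| https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3 | x_refsource_MISC |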
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T08:20:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
}
],
"source": {
"advisory": "acc23996-bd57-448f-9eb4-05a8a046c2dc",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0950",
"STATE": "PUBLIC",
"TITLE": "Unrestricted Upload of File with Dangerous Type in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc"
},
{
"name": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
}
]
},
"source": {
"advisory": "acc23996-bd57-448f-9eb4-05a8a046c2dc",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0950",
"datePublished": "2022-03-15T08:20:10",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0945 (GCVE-0-2022-0945)
Vulnerability from cvelistv5 – Published: 2022-03-15 03:50 – Updated: 2024-08-02 23:47
Title
Stored XSS via axd and cshtml file upload in star7th/showdoc
Summary
Stored XSS via axd and cshtml file upload in GitHub repository star7th/showdoc prior to v2.10.4.
Severity ?
9 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
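| URL | Tags |
|---|---|
| https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891 | x_refsource_MISC |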
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < v2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "v2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T03:50:35",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891"
}
],
"source": {
"advisory": "8702e2bf-4af2-4391-b651-c8c89e7d089e",
"discovery": "EXTERNAL"
},
"title": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0945",
"STATE": "PUBLIC",
"TITLE": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e"
},
{
"name": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891"
}
]
},
"source": {
"advisory": "8702e2bf-4af2-4391-b651-c8c89e7d089e",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0945",
"datePublished": "2022-03-15T03:50:35",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0962 (GCVE-0-2022-0962)
Vulnerability from cvelistv5 – Published: 2022-03-14 15:30 – Updated: 2024-08-02 23:47
Title
Stored XSS via .webma file upload in star7th/showdoc
Summary
Stored XSS via .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Severity ?
9 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
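| URL | Tags |
|---|---|
| https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908 | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8 | x_refsource_MISC |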
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T15:30:14",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
}
],
"source": {
"advisory": "7ebe3e5f-2c86-44de-b83e-2ddb6bbda908",
"discovery": "EXTERNAL"
},
"title": "Stored XSS viva .webma file upload in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0962",
"STATE": "PUBLIC",
"TITLE": "Stored XSS viva .webma file upload in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908"
},
{
"name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
}
]
},
"source": {
"advisory": "7ebe3e5f-2c86-44de-b83e-2ddb6bbda908",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0962",
"datePublished": "2022-03-14T15:30:15",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0960 (GCVE-0-2022-0960)
Vulnerability from cvelistv5 – Published: 2022-03-14 14:45 – Updated: 2024-08-02 23:47
Title
Stored XSS via .properties file upload in star7th/showdoc
Summary
Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Severity ?
9 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
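| URL | Tags |
|---|---|
| https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f | x_refsource_MISC |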
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T14:45:13",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f"
}
],
"source": {
"advisory": "462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e",
"discovery": "EXTERNAL"
},
"title": "Stored XSS viva .properties file upload in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0960",
"STATE": "PUBLIC",
"TITLE": "Stored XSS viva .properties file upload in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e"
},
{
"name": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f"
}
]
},
"source": {
"advisory": "462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0960",
"datePublished": "2022-03-14T14:45:13",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0946 (GCVE-0-2022-0946)
Vulnerability from cvelistv5 – Published: 2022-03-14 13:20 – Updated: 2024-08-02 23:47
Title
Stored XSS via cshtm file upload in star7th/showdoc
Summary
Stored XSS via cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.
Severity ?
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
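| URL | Tags |
|---|---|
| https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1 | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a | x_refsource_MISC |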
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < v2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "v2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T13:20:08",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a"
}
],
"source": {
"advisory": "1f8f0021-396e-428e-9748-dd4e359715e1",
"discovery": "EXTERNAL"
},
"title": "Stored XSS viva cshtm file upload in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0946",
"STATE": "PUBLIC",
"TITLE": "Stored XSS viva cshtm file upload in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1"
},
{
"name": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a"
}
]
},
"source": {
"advisory": "1f8f0021-396e-428e-9748-dd4e359715e1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0946",
"datePublished": "2022-03-14T13:20:08",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0941 (GCVE-0-2022-0941)
Vulnerability from cvelistv5 – Published: 2022-03-14 12:25 – Updated: 2024-08-02 23:47
Title
Stored XSS due to Unrestricted File Upload in star7th/showdoc
Summary
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
Severity ?
7.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
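| URL | Tags |
|---|---|
| https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f | x_refsource_MISC |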
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < v2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "v2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T12:25:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f"
}
],
"source": {
"advisory": "040a910e-e689-4fcb-9e4f-95206515d1bc",
"discovery": "EXTERNAL"
},
"title": "Stored XSS due to Unrestricted File Upload in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0941",
"STATE": "PUBLIC",
"TITLE": "Stored XSS due to Unrestricted File Upload in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc"
},
{
"name": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f"
}
]
},
"source": {
"advisory": "040a910e-e689-4fcb-9e4f-95206515d1bc",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0941",
"datePublished": "2022-03-14T12:25:09",
"dateReserved": "2022-03-13T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0940 (GCVE-0-2022-0940)
Vulnerability from cvelistv5 – Published: 2022-03-14 10:45 – Updated: 2024-08-02 23:47
Title
Stored XSS due to Unrestricted File Upload in star7th/showdoc
Summary
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
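| URL | Tags |
|---|---|
| https://huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782 | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73 | x_refsource_MISC |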
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < v2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "v2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T10:45:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73"
}
],
"source": {
"advisory": "856bd2e2-db4f-4b7d-9927-222261ae3782",
"discovery": "EXTERNAL"
},
"title": "Stored XSS due to Unrestricted File Upload in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0940",
"STATE": "PUBLIC",
"TITLE": "Stored XSS due to Unrestricted File Upload in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782"
},
{
"name": "https://github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73"
}
]
},
"source": {
"advisory": "856bd2e2-db4f-4b7d-9927-222261ae3782",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0940",
"datePublished": "2022-03-14T10:45:12",
"dateReserved": "2022-03-13T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0938 (GCVE-0-2022-0938)
Vulnerability from cvelistv5 – Published: 2022-03-14 08:05 – Updated: 2024-08-02 23:47
Title
Stored XSS via file upload in star7th/showdoc
Summary
Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
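| URL | Tags |
|---|---|
| https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55 | x_refsource_MISC |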
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < v2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "v2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T08:05:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55"
}
],
"source": {
"advisory": "3eb5a8f9-24e3-4eae-a212-070b2fbc237e",
"discovery": "EXTERNAL"
},
"title": "Stored XSS via file upload in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0938",
"STATE": "PUBLIC",
"TITLE": "Stored XSS via file upload in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e"
},
{
"name": "https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/830c89a4c2c5fd0dd491422bf8e97b4eb5713f55"
}
]
},
"source": {
"advisory": "3eb5a8f9-24e3-4eae-a212-070b2fbc237e",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0938",
"datePublished": "2022-03-14T08:05:10",
"dateReserved": "2022-03-13T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0937 (GCVE-0-2022-0937)
Vulnerability from cvelistv5 – Published: 2022-03-14 02:35 – Updated: 2024-08-02 23:47
Title
Stored XSS in showdoc through file upload in star7th/showdoc
Summary
Stored XSS in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
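| URL | Tags |
|---|---|
| https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5 | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3 | x_refsource_MISC |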
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T02:35:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3"
}
],
"source": {
"advisory": "6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5",
"discovery": "EXTERNAL"
},
"title": "Stored xss in showdoc through file upload in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0937",
"STATE": "PUBLIC",
"TITLE": "Stored xss in showdoc through file upload in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.4"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5"
},
{
"name": "https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/42c0d9813df3035728b36116a6ce9116e6fa8ed3"
}
]
},
"source": {
"advisory": "6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0937",
"datePublished": "2022-03-14T02:35:09",
"dateReserved": "2022-03-13T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0880 (GCVE-0-2022-0880)
Vulnerability from cvelistv5 – Published: 2022-03-12 03:55 – Updated: 2024-08-02 23:40
Title
Cross-site Scripting (XSS) - Stored in star7th/showdoc
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
Severity ?
7.6 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
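| URL | Tags |
|---|---|
| https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/818d7fe731f452acccacf731ce47ec27ad68049c | x_refsource_MISC |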
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/818d7fe731f452acccacf731ce47ec27ad68049c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-12T03:55:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/818d7fe731f452acccacf731ce47ec27ad68049c"
}
],
"source": {
"advisory": "df347aa9-ed9b-4f75-af99-c83b8aad3bcf",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0880",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.2"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf"
},
{
"name": "https://github.com/star7th/showdoc/commit/818d7fe731f452acccacf731ce47ec27ad68049c",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/818d7fe731f452acccacf731ce47ec27ad68049c"
}
]
},
"source": {
"advisory": "df347aa9-ed9b-4f75-af99-c83b8aad3bcf",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0880",
"datePublished": "2022-03-12T03:55:10",
"dateReserved": "2022-03-08T00:00:00",
"dateUpdated": "2024-08-02T23:40:04.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0409 (GCVE-0-2022-0409)
Vulnerability from cvelistv5 – Published: 2022-02-19 04:35 – Updated: 2024-08-02 23:25
Title
Unrestricted Upload of File with Dangerous Type in star7th/showdoc
Summary
Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.
Severity ?
7.2 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
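| URL | Tags |
|---|---|
| https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7 | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436 | x_refsource_MISC |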
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-19T04:35:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436"
}
],
"source": {
"advisory": "c25bfad1-2611-4226-954f-009e50f966f7",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0409",
"STATE": "PUBLIC",
"TITLE": "Unrestricted Upload of File with Dangerous Type in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.2"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7"
},
{
"name": "https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436"
}
]
},
"source": {
"advisory": "c25bfad1-2611-4226-954f-009e50f966f7",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0409",
"datePublished": "2022-02-19T04:35:10",
"dateReserved": "2022-01-29T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0362 (GCVE-0-2022-0362)
Vulnerability from cvelistv5 – Published: 2022-01-26 12:40 – Updated: 2024-08-02 23:25
Title
SQL Injection in star7th/showdoc
Summary
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.
Severity ?
6.7 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
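Assigner
@huntrdev
References
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091 | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fb | x_refsource_MISC |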
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection in Packagist showdoc/showdoc prior to 2.10.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T12:40:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fb"
}
],
"source": {
"advisory": "e7c72417-eb8f-416c-8480-be76ac0a9091",
"discovery": "EXTERNAL"
},
"title": " SQL Injection in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0362",
"STATE": "PUBLIC",
"TITLE": " SQL Injection in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.3"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection in Packagist showdoc/showdoc prior to 2.10.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091"
},
{
"name": "https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fb",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fb"
}
]
},
"source": {
"advisory": "e7c72417-eb8f-416c-8480-be76ac0a9091",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0362",
"datePublished": "2022-01-26T12:40:10",
"dateReserved": "2022-01-25T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4172 (GCVE-0-2021-4172)
Vulnerability from cvelistv5 – Published: 2022-01-22 11:40 – Updated: 2024-08-03 17:16
Title
Cross-site Scripting (XSS) - Stored in star7th/showdoc
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
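Assigner
@huntrdev
References
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219 | x_refsource_MISC |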
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-22T11:40:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219"
}
],
"source": {
"advisory": "c041b693-877b-4456-b463-19e4c9456eee",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4172",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.2"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c041b693-877b-4456-b463-19e4c9456eee"
},
{
"name": "https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/409c8a1208bbb847046a9496303192980f2e6219"
}
]
},
"source": {
"advisory": "c041b693-877b-4456-b463-19e4c9456eee",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4172",
"datePublished": "2022-01-22T11:40:10",
"dateReserved": "2021-12-26T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0079 (GCVE-0-2022-0079)
Vulnerability from cvelistv5 – Published: 2022-01-03 03:00 – Updated: 2024-08-02 23:18
Title
Generation of Error Message Containing Sensitive Information in star7th/showdoc
Summary
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information
Severity ?
5.3 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
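Assigner
@huntrdev
References
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/b37f0e26-355a-4d50-8495-a567c10828ee | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/e43df0a190f68aefa272507d3bd54475f566c1db | x_refsource_MISC |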
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.10.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b37f0e26-355a-4d50-8495-a567c10828ee"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/e43df0a190f68aefa272507d3bd54475f566c1db"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "showdoc is vulnerable to Generation of Error Message Containing Sensitive Information"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-03T03:00:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b37f0e26-355a-4d50-8495-a567c10828ee"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/e43df0a190f68aefa272507d3bd54475f566c1db"
}
],
"source": {
"advisory": "b37f0e26-355a-4d50-8495-a567c10828ee",
"discovery": "EXTERNAL"
},
"title": "Generation of Error Message Containing Sensitive Information in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0079",
"STATE": "PUBLIC",
"TITLE": "Generation of Error Message Containing Sensitive Information in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.10.0"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "showdoc is vulnerable to Generation of Error Message Containing Sensitive Information"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Generation of Error Message Containing Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b37f0e26-355a-4d50-8495-a567c10828ee",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b37f0e26-355a-4d50-8495-a567c10828ee"
},
{
"name": "https://github.com/star7th/showdoc/commit/e43df0a190f68aefa272507d3bd54475f566c1db",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/e43df0a190f68aefa272507d3bd54475f566c1db"
}
]
},
"source": {
"advisory": "b37f0e26-355a-4d50-8495-a567c10828ee",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0079",
"datePublished": "2022-01-03T03:00:11",
"dateReserved": "2022-01-01T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4168 (GCVE-0-2021-4168)
Vulnerability from cvelistv5 – Published: 2021-12-26 13:20 – Updated: 2024-08-03 17:16
Title
Cross-Site Request Forgery (CSRF) in star7th/showdoc
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Severity ?
6.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
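Assigner
@huntrdev
References
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/f14431e2-f1f6-4331-ba91-a4ea8b26be0c | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/3ff0c85d439ccbdfadeb96b5a52acf6318041109 | x_refsource_MISC |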
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.9.15 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f14431e2-f1f6-4331-ba91-a4ea8b26be0c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/3ff0c85d439ccbdfadeb96b5a52acf6318041109"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.9.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T13:20:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f14431e2-f1f6-4331-ba91-a4ea8b26be0c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/3ff0c85d439ccbdfadeb96b5a52acf6318041109"
}
],
"source": {
"advisory": "f14431e2-f1f6-4331-ba91-a4ea8b26be0c",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4168",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.9.15"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/f14431e2-f1f6-4331-ba91-a4ea8b26be0c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f14431e2-f1f6-4331-ba91-a4ea8b26be0c"
},
{
"name": "https://github.com/star7th/showdoc/commit/3ff0c85d439ccbdfadeb96b5a52acf6318041109",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/3ff0c85d439ccbdfadeb96b5a52acf6318041109"
}
]
},
"source": {
"advisory": "f14431e2-f1f6-4331-ba91-a4ea8b26be0c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4168",
"datePublished": "2021-12-26T13:20:10",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4000 (GCVE-0-2021-4000)
Vulnerability from cvelistv5 – Published: 2021-12-03 10:45 – Updated: 2024-08-03 17:16
Title
Open Redirect in star7th/showdoc
Summary
showdoc is vulnerable to URL Redirection to Untrusted Site
Severity ?
6.5 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site
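Assigner
@huntrdev
References
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/e4d803e0-3104-432c-80b3-34bc453c8962 | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/c7f10033eba5f2b5a537f9af9ba2379138e67138 | x_refsource_MISC |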
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.9.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:02.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/e4d803e0-3104-432c-80b3-34bc453c8962"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/c7f10033eba5f2b5a537f9af9ba2379138e67138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.9.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "showdoc is vulnerable to URL Redirection to Untrusted Site"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-03T10:45:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/e4d803e0-3104-432c-80b3-34bc453c8962"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/c7f10033eba5f2b5a537f9af9ba2379138e67138"
}
],
"source": {
"advisory": "e4d803e0-3104-432c-80b3-34bc453c8962",
"discovery": "EXTERNAL"
},
"title": "Open Redirect in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4000",
"STATE": "PUBLIC",
"TITLE": "Open Redirect in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.9.13"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "showdoc is vulnerable to URL Redirection to Untrusted Site"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/e4d803e0-3104-432c-80b3-34bc453c8962",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/e4d803e0-3104-432c-80b3-34bc453c8962"
},
{
"name": "https://github.com/star7th/showdoc/commit/c7f10033eba5f2b5a537f9af9ba2379138e67138",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/c7f10033eba5f2b5a537f9af9ba2379138e67138"
}
]
},
"source": {
"advisory": "e4d803e0-3104-432c-80b3-34bc453c8962",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4000",
"datePublished": "2021-12-03T10:45:11",
"dateReserved": "2021-11-22T00:00:00",
"dateUpdated": "2024-08-03T17:16:02.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3989 (GCVE-0-2021-3989)
Vulnerability from cvelistv5 – Published: 2021-12-01 10:55 – Updated: 2024-08-03 17:09
Title
Open Redirect in star7th/showdoc
Summary
showdoc is vulnerable to URL Redirection to Untrusted Site
Severity ?
6.5 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site
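Assigner
@huntrdev
References
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5 | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614 | x_refsource_MISC |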
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.9.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.9.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "showdoc is vulnerable to URL Redirection to Untrusted Site"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T10:55:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614"
}
],
"source": {
"advisory": "ffc61eff-efea-42c5-92c2-e043fdf904d5",
"discovery": "EXTERNAL"
},
"title": "Open Redirect in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3989",
"STATE": "PUBLIC",
"TITLE": "Open Redirect in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.9.13"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "showdoc is vulnerable to URL Redirection to Untrusted Site"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ffc61eff-efea-42c5-92c2-e043fdf904d5"
},
{
"name": "https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/335afc7ed6d6627c3d0434aa9acc168c77117614"
}
]
},
"source": {
"advisory": "ffc61eff-efea-42c5-92c2-e043fdf904d5",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3989",
"datePublished": "2021-12-01T10:55:10",
"dateReserved": "2021-11-20T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3990 (GCVE-0-2021-3990)
Vulnerability from cvelistv5 – Published: 2021-12-01 10:50 – Updated: 2024-08-03 17:16
Title
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc
Summary
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Severity ?
6.5 (Medium)
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
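Assigner
@huntrdev
References
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0 | x_refsource_MISC |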
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified, < 2.9.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "2.9.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T10:50:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0"
}
],
"source": {
"advisory": "0680067d-56a7-4412-b06e-a267e850ae9f",
"discovery": "EXTERNAL"
},
"title": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3990",
"STATE": "PUBLIC",
"TITLE": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.9.13"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f"
},
{
"name": "https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0"
}
]
},
"source": {
"advisory": "0680067d-56a7-4412-b06e-a267e850ae9f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3990",
"datePublished": "2021-12-01T10:50:10",
"dateReserved": "2021-11-20T00:00:00",
"dateUpdated": "2024-08-03T17:16:03.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3993 (GCVE-0-2021-3993)
Vulnerability from cvelistv5 – Published: 2021-12-01 10:40 – Updated: 2024-08-03 17:16
Title
Cross-Site Request Forgery (CSRF) in star7th/showdoc
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
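| URL | Tags |
|---|---|
| https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871 | x_refsource_MISC |
| https://huntr.dev/bounties/0aa84736-139b-4ae7-becf-604f7f60b1c9 | x_refsource_CONFIRM |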
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified , < v2.9.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:02.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0aa84736-139b-4ae7-becf-604f7f60b1c9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "v2.9.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T10:40:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0aa84736-139b-4ae7-becf-604f7f60b1c9"
}
],
"source": {
"advisory": "0aa84736-139b-4ae7-becf-604f7f60b1c9",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3993",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.9.13"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871"
},
{
"name": "https://huntr.dev/bounties/0aa84736-139b-4ae7-becf-604f7f60b1c9",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0aa84736-139b-4ae7-becf-604f7f60b1c9"
}
]
},
"source": {
"advisory": "0aa84736-139b-4ae7-becf-604f7f60b1c9",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3993",
"datePublished": "2021-12-01T10:40:09",
"dateReserved": "2021-11-22T00:00:00",
"dateUpdated": "2024-08-03T17:16:02.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4017 (GCVE-0-2021-4017)
Vulnerability from cvelistv5 – Published: 2021-12-01 10:15 – Updated: 2024-08-03 17:16
Title
Cross-Site Request Forgery (CSRF) in star7th/showdoc
Summary
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Severity ?
7.3 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
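| URL | Tags |
|---|---|
| https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd | x_refsource_CONFIRM |
| https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871 | x_refsource_MISC |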
Impacted products
| Vendor | Product | Version |
|---|---|---|
| star7th | star7th/showdoc | Affected: unspecified , < v2.9.13 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "star7th/showdoc",
"vendor": "star7th",
"versions": [
{
"lessThan": "v2.9.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T10:15:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871"
}
],
"source": {
"advisory": "1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in star7th/showdoc",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4017",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in star7th/showdoc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "star7th/showdoc",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.9.13"
}
]
}
}
]
},
"vendor_name": "star7th"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "showdoc is vulnerable to Cross-Site Request Forgery (CSRF)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd"
},
{
"name": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/commit/654e871a3923e79076818a9a03533fe88222c871"
}
]
},
"source": {
"advisory": "1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4017",
"datePublished": "2021-12-01T10:15:11",
"dateReserved": "2021-11-25T00:00:00",
"dateUpdated": "2024-08-03T17:16:03.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}