Search

Find a vulnerability

Search criteria

    68 vulnerabilities found for star7th/showdoc by star7th

    CVE-2022-1034 (GCVE-0-2022-1034)

    Vulnerability from nvd – Published: 2022-03-22 07:55 – Updated: 2024-08-02 23:47
    VLAI
    Title
    There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc
    Summary
    There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.259Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-22T07:55:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b"
            }
          ],
          "source": {
            "advisory": "d205c489-3266-4ac4-acb7-c8ee570887f7",
            "discovery": "EXTERNAL"
          },
          "title": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1034",
              "STATE": "PUBLIC",
              "TITLE": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b"
                }
              ]
            },
            "source": {
              "advisory": "d205c489-3266-4ac4-acb7-c8ee570887f7",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1034",
        "datePublished": "2022-03-22T07:55:10.000Z",
        "dateReserved": "2022-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0967 (GCVE-0-2022-0967)

    Vulnerability from nvd – Published: 2022-03-15 15:35 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc
    Summary
    Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-17T18:06:14.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html"
            }
          ],
          "source": {
            "advisory": "9dea3c98-7609-480d-902d-149067bd1e2a",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0967",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
                },
                {
                  "name": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a"
                },
                {
                  "name": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html"
                }
              ]
            },
            "source": {
              "advisory": "9dea3c98-7609-480d-902d-149067bd1e2a",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0967",
        "datePublished": "2022-03-15T15:35:11.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0966 (GCVE-0-2022-0966)

    Vulnerability from nvd – Published: 2022-03-15 15:35 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS via File Upload in star7th/showdoc in star7th/showdoc
    Summary
    Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.4.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.947Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.4.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T15:35:17.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe"
            }
          ],
          "source": {
            "advisory": "e06c0d55-00a3-4f82-a009-0310b2e402fe",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0966",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.4.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
                },
                {
                  "name": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe"
                }
              ]
            },
            "source": {
              "advisory": "e06c0d55-00a3-4f82-a009-0310b2e402fe",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0966",
        "datePublished": "2022-03-15T15:35:17.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0965 (GCVE-0-2022-0965)

    Vulnerability from nvd – Published: 2022-03-15 15:35 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS viva .ofd file upload in star7th/showdoc
    Summary
    Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.789Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T15:35:23.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347"
            }
          ],
          "source": {
            "advisory": "d66c88ce-63e2-4515-a429-8e43a42aa347",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS viva .ofd file upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0965",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS viva .ofd file upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
                },
                {
                  "name": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347"
                }
              ]
            },
            "source": {
              "advisory": "d66c88ce-63e2-4515-a429-8e43a42aa347",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0965",
        "datePublished": "2022-03-15T15:35:23.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.789Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0964 (GCVE-0-2022-0964)

    Vulnerability from nvd – Published: 2022-03-15 15:35 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS viva .webmv file upload in star7th/showdoc
    Summary
    Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.228Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T15:35:29.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0"
            }
          ],
          "source": {
            "advisory": "dbe39998-8eb7-46ea-997f-7b27f6f16ea0",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS viva .webmv file upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0964",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS viva .webmv file upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
                },
                {
                  "name": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0"
                }
              ]
            },
            "source": {
              "advisory": "dbe39998-8eb7-46ea-997f-7b27f6f16ea0",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0964",
        "datePublished": "2022-03-15T15:35:29.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0942 (GCVE-0-2022-0942)

    Vulnerability from nvd – Published: 2022-03-15 13:40 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS due to Unrestricted File Upload in star7th/showdoc
    Summary
    Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T13:40:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9"
            }
          ],
          "source": {
            "advisory": "a412707c-18da-4c84-adc0-9801ed8068c9",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS due to Unrestricted File Upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0942",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS due to Unrestricted File Upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
                },
                {
                  "name": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9"
                }
              ]
            },
            "source": {
              "advisory": "a412707c-18da-4c84-adc0-9801ed8068c9",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0942",
        "datePublished": "2022-03-15T13:40:10.000Z",
        "dateReserved": "2022-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0957 (GCVE-0-2022-0957)

    Vulnerability from nvd – Published: 2022-03-15 12:30 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS via File Upload in star7th/showdoc
    Summary
    Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T12:30:12.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb"
            }
          ],
          "source": {
            "advisory": "b4918d45-b635-40db-bb4b-34035e1aca21",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS via File Upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0957",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS via File Upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb"
                }
              ]
            },
            "source": {
              "advisory": "b4918d45-b635-40db-bb4b-34035e1aca21",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0957",
        "datePublished": "2022-03-15T12:30:12.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0956 (GCVE-0-2022-0956)

    Vulnerability from nvd – Published: 2022-03-15 12:20 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS via File Upload in star7th/showdoc
    Summary
    Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < v.2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.165Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "v.2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T12:20:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13"
            }
          ],
          "source": {
            "advisory": "5b0e3f02-309f-4b59-8020-d7ac0f1999f2",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS via File Upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0956",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS via File Upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v.2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13"
                }
              ]
            },
            "source": {
              "advisory": "5b0e3f02-309f-4b59-8020-d7ac0f1999f2",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0956",
        "datePublished": "2022-03-15T12:20:10.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.165Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0951 (GCVE-0-2022-0951)

    Vulnerability from nvd – Published: 2022-03-15 08:20 – Updated: 2024-08-02 23:47
    VLAI
    Title
    File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc
    Summary
    File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T08:20:15.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932"
            }
          ],
          "source": {
            "advisory": "b3a983a3-17f9-4aa8-92d7-8a0c92a93932",
            "discovery": "EXTERNAL"
          },
          "title": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0951",
              "STATE": "PUBLIC",
              "TITLE": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
                },
                {
                  "name": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932"
                }
              ]
            },
            "source": {
              "advisory": "b3a983a3-17f9-4aa8-92d7-8a0c92a93932",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0951",
        "datePublished": "2022-03-15T08:20:15.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0950 (GCVE-0-2022-0950)

    Vulnerability from nvd – Published: 2022-03-15 08:20 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Unrestricted Upload of File with Dangerous Type in star7th/showdoc
    Summary
    Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.257Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T08:20:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
            }
          ],
          "source": {
            "advisory": "acc23996-bd57-448f-9eb4-05a8a046c2dc",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted Upload of File with Dangerous Type in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0950",
              "STATE": "PUBLIC",
              "TITLE": "Unrestricted Upload of File with Dangerous Type in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
                }
              ]
            },
            "source": {
              "advisory": "acc23996-bd57-448f-9eb4-05a8a046c2dc",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0950",
        "datePublished": "2022-03-15T08:20:10.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0945 (GCVE-0-2022-0945)

    Vulnerability from nvd – Published: 2022-03-15 03:50 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc
    Summary
    Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < v2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.758Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "v2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T03:50:35.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891"
            }
          ],
          "source": {
            "advisory": "8702e2bf-4af2-4391-b651-c8c89e7d089e",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0945",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891"
                }
              ]
            },
            "source": {
              "advisory": "8702e2bf-4af2-4391-b651-c8c89e7d089e",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0945",
        "datePublished": "2022-03-15T03:50:35.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0962 (GCVE-0-2022-0962)

    Vulnerability from nvd – Published: 2022-03-14 15:30 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS viva .webma file upload in star7th/showdoc
    Summary
    Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.908Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T15:30:14.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
            }
          ],
          "source": {
            "advisory": "7ebe3e5f-2c86-44de-b83e-2ddb6bbda908",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS viva .webma file upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0962",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS viva .webma file upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
                }
              ]
            },
            "source": {
              "advisory": "7ebe3e5f-2c86-44de-b83e-2ddb6bbda908",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0962",
        "datePublished": "2022-03-14T15:30:15.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.908Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0960 (GCVE-0-2022-0960)

    Vulnerability from nvd – Published: 2022-03-14 14:45 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS viva .properties file upload in star7th/showdoc
    Summary
    Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.832Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T14:45:13.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f"
            }
          ],
          "source": {
            "advisory": "462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS viva .properties file upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0960",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS viva .properties file upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f"
                }
              ]
            },
            "source": {
              "advisory": "462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0960",
        "datePublished": "2022-03-14T14:45:13.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.832Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0946 (GCVE-0-2022-0946)

    Vulnerability from nvd – Published: 2022-03-14 13:20 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS viva cshtm file upload in star7th/showdoc
    Summary
    Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < v2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.965Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "v2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T13:20:08.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a"
            }
          ],
          "source": {
            "advisory": "1f8f0021-396e-428e-9748-dd4e359715e1",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS viva cshtm file upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0946",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS viva cshtm file upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a"
                }
              ]
            },
            "source": {
              "advisory": "1f8f0021-396e-428e-9748-dd4e359715e1",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0946",
        "datePublished": "2022-03-14T13:20:08.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0941 (GCVE-0-2022-0941)

    Vulnerability from nvd – Published: 2022-03-14 12:25 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS due to Unrestricted File Upload in star7th/showdoc
    Summary
    Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < v2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "v2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T12:25:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f"
            }
          ],
          "source": {
            "advisory": "040a910e-e689-4fcb-9e4f-95206515d1bc",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS due to Unrestricted File Upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0941",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS due to Unrestricted File Upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f"
                }
              ]
            },
            "source": {
              "advisory": "040a910e-e689-4fcb-9e4f-95206515d1bc",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0941",
        "datePublished": "2022-03-14T12:25:09.000Z",
        "dateReserved": "2022-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1034 (GCVE-0-2022-1034)

    Vulnerability from cvelistv5 – Published: 2022-03-22 07:55 – Updated: 2024-08-02 23:47
    VLAI
    Title
    There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc
    Summary
    There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.259Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-22T07:55:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b"
            }
          ],
          "source": {
            "advisory": "d205c489-3266-4ac4-acb7-c8ee570887f7",
            "discovery": "EXTERNAL"
          },
          "title": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1034",
              "STATE": "PUBLIC",
              "TITLE": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/d205c489-3266-4ac4-acb7-c8ee570887f7"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/bd792a89c0325836fbd64784f4c4117c0171416b"
                }
              ]
            },
            "source": {
              "advisory": "d205c489-3266-4ac4-acb7-c8ee570887f7",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1034",
        "datePublished": "2022-03-22T07:55:10.000Z",
        "dateReserved": "2022-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0964 (GCVE-0-2022-0964)

    Vulnerability from cvelistv5 – Published: 2022-03-15 15:35 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS viva .webmv file upload in star7th/showdoc
    Summary
    Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.228Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T15:35:29.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0"
            }
          ],
          "source": {
            "advisory": "dbe39998-8eb7-46ea-997f-7b27f6f16ea0",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS viva .webmv file upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0964",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS viva .webmv file upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
                },
                {
                  "name": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0"
                }
              ]
            },
            "source": {
              "advisory": "dbe39998-8eb7-46ea-997f-7b27f6f16ea0",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0964",
        "datePublished": "2022-03-15T15:35:29.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0965 (GCVE-0-2022-0965)

    Vulnerability from cvelistv5 – Published: 2022-03-15 15:35 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS viva .ofd file upload in star7th/showdoc
    Summary
    Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.789Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T15:35:23.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347"
            }
          ],
          "source": {
            "advisory": "d66c88ce-63e2-4515-a429-8e43a42aa347",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS viva .ofd file upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0965",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS viva .ofd file upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
                },
                {
                  "name": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/d66c88ce-63e2-4515-a429-8e43a42aa347"
                }
              ]
            },
            "source": {
              "advisory": "d66c88ce-63e2-4515-a429-8e43a42aa347",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0965",
        "datePublished": "2022-03-15T15:35:23.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.789Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0966 (GCVE-0-2022-0966)

    Vulnerability from cvelistv5 – Published: 2022-03-15 15:35 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS via File Upload in star7th/showdoc in star7th/showdoc
    Summary
    Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.4.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.947Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.4.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T15:35:17.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe"
            }
          ],
          "source": {
            "advisory": "e06c0d55-00a3-4f82-a009-0310b2e402fe",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0966",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.4.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
                },
                {
                  "name": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/e06c0d55-00a3-4f82-a009-0310b2e402fe"
                }
              ]
            },
            "source": {
              "advisory": "e06c0d55-00a3-4f82-a009-0310b2e402fe",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0966",
        "datePublished": "2022-03-15T15:35:17.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0967 (GCVE-0-2022-0967)

    Vulnerability from cvelistv5 – Published: 2022-03-15 15:35 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc
    Summary
    Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-17T18:06:14.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html"
            }
          ],
          "source": {
            "advisory": "9dea3c98-7609-480d-902d-149067bd1e2a",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0967",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
                },
                {
                  "name": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/9dea3c98-7609-480d-902d-149067bd1e2a"
                },
                {
                  "name": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/167198/Showdoc-2.10.3-Cross-Site-Scripting.html"
                }
              ]
            },
            "source": {
              "advisory": "9dea3c98-7609-480d-902d-149067bd1e2a",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0967",
        "datePublished": "2022-03-15T15:35:11.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0942 (GCVE-0-2022-0942)

    Vulnerability from cvelistv5 – Published: 2022-03-15 13:40 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS due to Unrestricted File Upload in star7th/showdoc
    Summary
    Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T13:40:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9"
            }
          ],
          "source": {
            "advisory": "a412707c-18da-4c84-adc0-9801ed8068c9",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS due to Unrestricted File Upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0942",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS due to Unrestricted File Upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
                },
                {
                  "name": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9"
                }
              ]
            },
            "source": {
              "advisory": "a412707c-18da-4c84-adc0-9801ed8068c9",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0942",
        "datePublished": "2022-03-15T13:40:10.000Z",
        "dateReserved": "2022-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0957 (GCVE-0-2022-0957)

    Vulnerability from cvelistv5 – Published: 2022-03-15 12:30 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS via File Upload in star7th/showdoc
    Summary
    Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T12:30:12.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb"
            }
          ],
          "source": {
            "advisory": "b4918d45-b635-40db-bb4b-34035e1aca21",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS via File Upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0957",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS via File Upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b4918d45-b635-40db-bb4b-34035e1aca21"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/d1c9ed0d77ea5d56f09be0c492361dca8af745bb"
                }
              ]
            },
            "source": {
              "advisory": "b4918d45-b635-40db-bb4b-34035e1aca21",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0957",
        "datePublished": "2022-03-15T12:30:12.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0956 (GCVE-0-2022-0956)

    Vulnerability from cvelistv5 – Published: 2022-03-15 12:20 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS via File Upload in star7th/showdoc
    Summary
    Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < v.2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.165Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "v.2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T12:20:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13"
            }
          ],
          "source": {
            "advisory": "5b0e3f02-309f-4b59-8020-d7ac0f1999f2",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS via File Upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0956",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS via File Upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v.2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13"
                }
              ]
            },
            "source": {
              "advisory": "5b0e3f02-309f-4b59-8020-d7ac0f1999f2",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0956",
        "datePublished": "2022-03-15T12:20:10.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.165Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0951 (GCVE-0-2022-0951)

    Vulnerability from cvelistv5 – Published: 2022-03-15 08:20 – Updated: 2024-08-02 23:47
    VLAI
    Title
    File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc
    Summary
    File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T08:20:15.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932"
            }
          ],
          "source": {
            "advisory": "b3a983a3-17f9-4aa8-92d7-8a0c92a93932",
            "discovery": "EXTERNAL"
          },
          "title": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0951",
              "STATE": "PUBLIC",
              "TITLE": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
                },
                {
                  "name": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932"
                }
              ]
            },
            "source": {
              "advisory": "b3a983a3-17f9-4aa8-92d7-8a0c92a93932",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0951",
        "datePublished": "2022-03-15T08:20:15.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0950 (GCVE-0-2022-0950)

    Vulnerability from cvelistv5 – Published: 2022-03-15 08:20 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Unrestricted Upload of File with Dangerous Type in star7th/showdoc
    Summary
    Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.257Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T08:20:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
            }
          ],
          "source": {
            "advisory": "acc23996-bd57-448f-9eb4-05a8a046c2dc",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted Upload of File with Dangerous Type in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0950",
              "STATE": "PUBLIC",
              "TITLE": "Unrestricted Upload of File with Dangerous Type in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/acc23996-bd57-448f-9eb4-05a8a046c2dc"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3"
                }
              ]
            },
            "source": {
              "advisory": "acc23996-bd57-448f-9eb4-05a8a046c2dc",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0950",
        "datePublished": "2022-03-15T08:20:10.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0945 (GCVE-0-2022-0945)

    Vulnerability from cvelistv5 – Published: 2022-03-15 03:50 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc
    Summary
    Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < v2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.758Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "v2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-15T03:50:35.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891"
            }
          ],
          "source": {
            "advisory": "8702e2bf-4af2-4391-b651-c8c89e7d089e",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0945",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/ba45d19e1d77a7eea866dab30eff5da552694891"
                }
              ]
            },
            "source": {
              "advisory": "8702e2bf-4af2-4391-b651-c8c89e7d089e",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0945",
        "datePublished": "2022-03-15T03:50:35.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0962 (GCVE-0-2022-0962)

    Vulnerability from cvelistv5 – Published: 2022-03-14 15:30 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS viva .webma file upload in star7th/showdoc
    Summary
    Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.908Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T15:30:14.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
            }
          ],
          "source": {
            "advisory": "7ebe3e5f-2c86-44de-b83e-2ddb6bbda908",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS viva .webma file upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0962",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS viva .webma file upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/7ebe3e5f-2c86-44de-b83e-2ddb6bbda908"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8"
                }
              ]
            },
            "source": {
              "advisory": "7ebe3e5f-2c86-44de-b83e-2ddb6bbda908",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0962",
        "datePublished": "2022-03-14T15:30:15.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.908Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0960 (GCVE-0-2022-0960)

    Vulnerability from cvelistv5 – Published: 2022-03-14 14:45 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS viva .properties file upload in star7th/showdoc
    Summary
    Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < 2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.832Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T14:45:13.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f"
            }
          ],
          "source": {
            "advisory": "462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS viva .properties file upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0960",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS viva .properties file upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/92bc6a83a3a60e01a0d2effb98ab47d8d7eab28f"
                }
              ]
            },
            "source": {
              "advisory": "462cd8a7-b1a9-4e93-af71-b56ba1d7ad4e",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0960",
        "datePublished": "2022-03-14T14:45:13.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.832Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0946 (GCVE-0-2022-0946)

    Vulnerability from cvelistv5 – Published: 2022-03-14 13:20 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS viva cshtm file upload in star7th/showdoc
    Summary
    Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < v2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.965Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "v2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T13:20:08.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a"
            }
          ],
          "source": {
            "advisory": "1f8f0021-396e-428e-9748-dd4e359715e1",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS viva cshtm file upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0946",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS viva cshtm file upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/1f8f0021-396e-428e-9748-dd4e359715e1"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/e5d575928b1371a7e07b09b6592822298335062a"
                }
              ]
            },
            "source": {
              "advisory": "1f8f0021-396e-428e-9748-dd4e359715e1",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0946",
        "datePublished": "2022-03-14T13:20:08.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0941 (GCVE-0-2022-0941)

    Vulnerability from cvelistv5 – Published: 2022-03-14 12:25 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Stored XSS due to Unrestricted File Upload in star7th/showdoc
    Summary
    Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    star7th star7th/showdoc Affected: unspecified , < v2.10.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "star7th/showdoc",
              "vendor": "star7th",
              "versions": [
                {
                  "lessThan": "v2.10.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-14T12:25:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f"
            }
          ],
          "source": {
            "advisory": "040a910e-e689-4fcb-9e4f-95206515d1bc",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS due to Unrestricted File Upload in star7th/showdoc",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0941",
              "STATE": "PUBLIC",
              "TITLE": "Stored XSS due to Unrestricted File Upload in star7th/showdoc"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "star7th/showdoc",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.10.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "star7th"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/040a910e-e689-4fcb-9e4f-95206515d1bc"
                },
                {
                  "name": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f",
                  "refsource": "MISC",
                  "url": "https://github.com/star7th/showdoc/commit/4b6e6603c714aab1de346c5f5cb0bbb4c871be1f"
                }
              ]
            },
            "source": {
              "advisory": "040a910e-e689-4fcb-9e4f-95206515d1bc",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0941",
        "datePublished": "2022-03-14T12:25:09.000Z",
        "dateReserved": "2022-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }