Advisories for Composer/Showdoc/Showdoc package

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.

Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.

File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.

Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.

Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.

Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10.

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.

Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4.

Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.

Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.

Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.

Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.

Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.

Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.

Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.

Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.

A SQL injection vulnerability was found in showdoc.

Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc

showdoc is vulnerable to Generation of Error Message Containing Sensitive Information

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

showdoc is vulnerable to URL Redirection to Untrusted Site

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

showdoc is vulnerable to URL Redirection to Untrusted Site

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

ShowDoc ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.

Unrestricted File Upload allows remote attackers to execute arbitrary code via the 'file_url' parameter.

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

showdoc is vulnerable to Missing Cryptographic Step

ShowDoc allows remote attackers to edit other users' notes by navigating with a modified page_id.

server/index.php?s=/api/teamMember/save in ShowDoc has a CSRF that can add members to a team.

ShowDoc allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.

ShowDoc has an XSS via the lang parameter because install/database.php mishandles the $cur_lang value.

ShowDoc is vulnerable to XSS.