An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc: before 2.8.7.
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.
Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.
File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.
Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.
Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10.
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4.
Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.
Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.
A SQL injection vulnerability was found in showdoc.
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
showdoc is vulnerable to URL Redirection to Untrusted Site
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
showdoc is vulnerable to URL Redirection to Untrusted Site
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
ShowDoc ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.
Unrestricted File Upload allows remote attackers to execute arbitrary code via the 'file_url' parameter.
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
showdoc is vulnerable to Missing Cryptographic Step
server/index.php?s=/api/teamMember/save in ShowDoc has a CSRF that can add members to a team.
ShowDoc allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.
ShowDoc has an XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
ShowDoc is vulnerable to XSS.