CVE-2022-0940: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

March 14, 2022 (updated March 18, 2022)

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.

References

github.com/star7th/showdoc/commit/78522520892d4e29cc94148c6ec84a204a607b73
huntr.dev/bounties/856bd2e2-db4f-4b7d-9927-222261ae3782
nvd.nist.gov/vuln/detail/CVE-2022-0940

Code Behaviors & Features

Detect and mitigate CVE-2022-0940 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →