CVE-2022-0938

Name of the Vulnerable Software and Affected Versions ShowDoc versions prior to 2.10.4

Description The issue is a stored cross-site scripting (XSS) vulnerability that occurs via file upload. This means an attacker can upload a malicious file to the system, which then executes the script when the file is accessed by another user, potentially allowing the attacker to steal user data or take control of the user's session. A patch is available and is part of version 2.10.4.

Recommendations For versions prior to 2.10.4, update to version 2.10.4 or later to resolve the issue. As a temporary workaround, consider restricting file uploads or disabling the file upload feature until the patch is applied.