CVE-2022-0965

Name of the Vulnerable Software and Affected Versions ShowDoc versions prior to 2.10.4

Description The issue is related to stored cross-site scripting (XSS) via .ofd file upload. This allows for the execution of malicious scripts when a user uploads a specially crafted .ofd file. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For versions prior to 2.10.4, update to version 2.10.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the .ofd file upload feature until the update is applied.