CVE-2022-0960
Cross-site Scripting in showdoc/showdoc
9.0
CRITICAL
CVSS 3.1
EPSS 0.39%
Description
ShowDoc is a tool greatly applicable for an IT team to share documents online. showdoc/showdoc allows .properties files to upload which lead to stored XSS in versions prior to 2.10.4. This allows attackers to execute malicious scripts in the user's browser. This issue was patched in version 2.10.4. There is currently no known workaround.
How to fix CVE-2022-0960
To remediate CVE-2022-0960, upgrade the affected package to a fixed version below.
- —upgrade to 2.10.4 or later
Is CVE-2022-0960 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.10.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.0 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |