Showdoc : Security Vulnerabilities, CVEs, Published In 2018 CVSS score >= 6
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team.
Max CVSS
6.5
EPSS Score
0.06%
Published
2018-11-28
Updated
2018-12-26
ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.
Max CVSS
6.5
EPSS Score
0.19%
Published
2018-11-27
Updated
2018-12-21
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
Max CVSS
6.1
EPSS Score
0.09%
Published
2018-11-22
Updated
2018-12-18
3 vulnerabilities found