Vulnerabilities > Showdoc
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-13 | CVE-2021-3775 | Cross-Site Request Forgery (CSRF) vulnerability in Showdoc showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | 5.8 |
| 2021-11-13 | CVE-2021-3776 | Cross-Site Request Forgery (CSRF) vulnerability in Showdoc showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | 5.8 |
| 2021-10-22 | CVE-2021-41745 | Unrestricted Upload of File with Dangerous Type vulnerability in Showdoc 2.8.3 ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. | 7.5 |
| 2021-09-08 | CVE-2021-36440 | Unrestricted Upload of File with Dangerous Type vulnerability in Showdoc 2.9.5 Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'. | 7.5 |
| 2021-08-04 | CVE-2021-3678 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Showdoc showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | 4.3 |
| 2021-08-04 | CVE-2021-3680 | Improper Verification of Cryptographic Signature vulnerability in Showdoc showdoc is vulnerable to Missing Cryptographic Step | 4.9 |
| 2018-11-28 | CVE-2018-19621 | Cross-Site Request Forgery (CSRF) vulnerability in Showdoc 2.4.2 server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. | 4.3 |
| 2018-11-28 | CVE-2018-19620 | Forced Browsing vulnerability in Showdoc 2.4.1 ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. | 4.0 |
| 2018-11-27 | CVE-2018-19609 | Information Exposure vulnerability in Showdoc 2.4.1 ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL. | 4.0 |
| 2018-11-22 | CVE-2018-19433 | Cross-site Scripting vulnerability in Showdoc 2.4.1 ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. | 4.3 |