Vulnerabilities > Showdoc > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-28 | CVE-2018-19620 | Forced Browsing vulnerability in Showdoc 2.4.1 ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. | 4.3 |
| 2018-11-27 | CVE-2018-19609 | Information Exposure vulnerability in Showdoc 2.4.1 ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL. | 6.5 |
| 2018-11-22 | CVE-2018-19433 | Cross-site Scripting vulnerability in Showdoc 2.4.1 ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. | 6.1 |
| 2018-09-02 | CVE-2018-16342 | Cross-site Scripting vulnerability in Showdoc 1.8.0 ShowDoc v1.8.0 has XSS via a new page. | 5.4 |