What the vulnerability does
01Description
Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10.
CVE-2022-0966
MEDIUM
CVE-2022-0966: Stored XSS via File Upload in star7th/showdoc in star7th/showdoc
CVSS base score
6.4/10
CVSS vector
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
March 15, 2022
CVE published
August 2, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-49235 WordPress RTMKit Addons for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-12848 XSS vulnerability when rendering filename in Webform Multiform
CVE-2022-39220 XSS Vulnerabilities in WebClient
CVE-2021-24878 SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
CVE-2025-24017 YesWiki Vulnerable to Unauthenticated DOM Based XSS
