Showdoc: >> Showdoc >> 2.4.1 Security Vulnerabilities
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
4.3
EPSS Score
0.001
Published
2021-11-13
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVSS Score
7.5
EPSS Score
0.004
Published
2021-08-04
showdoc is vulnerable to Missing Cryptographic Step
CVSS Score
5.3
EPSS Score
0.001
Published
2021-08-04
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
CVSS Score
4.3
EPSS Score
0.001
Published
2018-11-28
ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-11-27
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-22
Page 4