CVE-2022-0956: file upload bug · star7th/showdoc@56e450c
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.
@@ -329,7 +329,7 @@ public function isAllowedFilename($filename){
'.zip’,’.tar’,’.gz’,’.tgz’,’.ipa’,’.apk’,’.rar’,’.iso’,’.bz2’,’.epub’,
'.pdf’,’.ofd’,’.swf’,’.epub’,’.xps’,
'.doc’,’.docx’,’.odt’,’.rtf’,’.docm’,’.dotm’,’.dot’,’.dotx’,’.wps’,’.wpt’,
'.ppt’,’.pptx’,’.xls’,’.xlsx’,’.txt’,’.md’,’.psd’,’.csv’,
'.ppt’,’.pptx’,’.xls’,’.xlsx’,’.txt’,’.psd’,’.csv’,
'.cer’,’.ppt’,’.pub’,’.properties’,’.json’,’.css’,
) ;
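Review bot: On the line that now reads `'.ppt', ... '.txt', '.psd', '.csv'`, removing `.md` closes a single extension, but the check in `isAllowedFilename` remains a per-extension list with nothing recording why `.md` was dropped, so a later edit could re-add it. Please add a comment on that line tying the removal to the stored XSS issue. The same array still accepts `.swf`, an active-content format, so it is worth confirming that every remaining entry is served as a download (for example with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`) rather than rendered in the application's origin; this hunk does not show how uploads are served. Minor: `.epub` is listed twice in the first two lines of the array and `.ppt` appears again in the `.cer` line, so the duplicates can be removed while touching this list.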