CVE-2022-0880: file upload bug · star7th/showdoc@818d7fe
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
file upload bug
1 parent 85af5ab commit 818d7fe731f452acccacf731ce47ec27ad68049c
Showing with 1 addition and 0 deletions.
- +1 −0 server/Application/Api/Model/AttachmentModel.class.php
@@ -301,6 +301,7 @@ public function isDangerFilename($filename){
|| $isDangerStr($filename , “.svg”)
|| $isDangerStr($filename , “.htm”)
|| $isDangerStr($filename , “%”)
|| $isDangerStr($filename , “.xml”)
) {
return true;
}
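Review bot: The condition in isDangerFilename is a substring denylist, so adding one more entry beside ".svg", ".htm" and "%" leaves the same gap for the next browser-renderable type that is not listed. Consider inverting the check into an allowlist of the extensions the application intends to accept. Serving stored attachments with Content-Disposition: attachment and X-Content-Type-Options: nosniff would also mean a missed type is downloaded rather than rendered in the site's origin. This hunk does not show whether $isDangerStr compares case-insensitively. If it does not, upper-case or mixed-case extensions are not covered, so confirm that or add a test for it.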