Search for packages
| purl | pkg:composer/showdoc/showdoc@2.4.11 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-158e-gra4-pke9
Aliases: CVE-2021-4000 GHSA-8c9x-wfgj-v78w |
Open Redirect in showdoc | There are no reported fixed by versions. |
|
VCID-3ez4-xzmr-qbd6
Aliases: CVE-2022-0880 GHSA-gq77-3r6x-383w |
Cross-site Scripting in ShowDoc |
Affected by 19 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-3n97-92yn-ckck
Aliases: CVE-2022-0951 GHSA-j6jg-w79c-7p8v |
File Upload Restriction Bypass leading to Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-5a8d-7jh7-tfev
Aliases: CVE-2021-3989 GHSA-f545-vpwp-r9j7 |
showdoc is vulnerable to URL Redirection to Untrusted Site |
Affected by 25 other vulnerabilities. |
|
VCID-7ugv-9fct-fbgh
Aliases: CVE-2021-3990 GHSA-vrgh-5w3c-ggf8 |
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
Affected by 25 other vulnerabilities. |
|
VCID-93sj-gsh9-5bb1
Aliases: CVE-2022-0941 GHSA-wg4r-q74r-p7c8 |
Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-am4w-8by3-aygq
Aliases: CVE-2021-3993 GHSA-6pqm-xvfc-w7p4 |
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
Affected by 25 other vulnerabilities. |
|
VCID-auh1-nb9b-zfg3
Aliases: CVE-2022-0950 GHSA-v94v-pxqp-5qgj |
Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-bvhd-mwnt-ruev
Aliases: CVE-2021-3683 GHSA-x5jp-9fmm-m9pf |
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | There are no reported fixed by versions. |
|
VCID-c77c-87m4-wkaw
Aliases: CVE-2025-0520 GHSA-6jmr-r7p6-f5wr |
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7. |
Affected by 34 other vulnerabilities. |
|
VCID-deg7-4ma6-tyd2
Aliases: CVE-2022-0942 GHSA-9fcc-7g44-mxrj |
Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-eqcs-tmpq-9ub7
Aliases: CVE-2021-3776 GHSA-m4hj-wg2r-qpcr |
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
Affected by 25 other vulnerabilities. |
|
VCID-ewjx-puts-f7h4
Aliases: CVE-2022-0945 GHSA-vpwq-6cp4-ffqc |
Stored Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-fa1j-6bzu-a3a5
Aliases: CVE-2021-4017 GHSA-f77h-m9w2-vvg2 |
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
Affected by 25 other vulnerabilities. |
|
VCID-fk3v-vaj6-dka4
Aliases: CVE-2022-1034 GHSA-xp82-jmw8-mjxp |
Unrestricted Upload of File with Dangerous Type in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-fyk4-u9vt-pfgj
Aliases: CVE-2021-4168 GHSA-7vxc-chqj-h83g |
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
Affected by 23 other vulnerabilities. |
|
VCID-kjsp-v37r-yue1
Aliases: CVE-2022-0362 GHSA-9cq5-xgg4-x477 |
SQL Injection in showdoc |
Affected by 19 other vulnerabilities. |
|
VCID-kwse-tbqn-tqfr
Aliases: CVE-2022-0965 GHSA-v8mp-hhjq-h4cj |
Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-m3mp-m3pq-fbd9
Aliases: CVE-2022-0956 GHSA-wg8p-w946-c482 |
Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-mybn-n9zu-ukfm
Aliases: CVE-2022-0960 GHSA-rphc-h572-2x9f |
Cross-site Scripting in showdoc/showdoc |
Affected by 1 other vulnerability. |
|
VCID-ny73-vkpe-mye4
Aliases: CVE-2022-0937 GHSA-mg5h-9rhq-4cqx |
Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-pe2f-4yes-cyew
Aliases: CVE-2022-0409 GHSA-6x3j-x9rp-whxp |
Unrestricted Upload of File with Dangerous Type in showdoc |
Affected by 19 other vulnerabilities. |
|
VCID-pupy-jprc-17f4
Aliases: CVE-2022-0962 GHSA-pccm-j6vj-jwwf |
Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-s5vu-x24p-4uga
Aliases: CVE-2022-0964 GHSA-xm3x-787m-p66r |
Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-u4xp-xb3z-r7dm
Aliases: CVE-2022-0967 GHSA-3pg8-c473-w6rr |
Stored Cross-site Scripting in showdoc |
Affected by 1 other vulnerability. |
|
VCID-ubse-tfbr-audj
Aliases: CVE-2026-6982 GHSA-fm5r-cj7v-rj2c |
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages can lead to sql injection. The attack may be launched remotely. Upgrading to version 3.8.1 addresses this issue. It is suggested to upgrade the affected component. According to the researcher, "[t]he vendor explicitly stated they will not backport patches to the older affected versions." |
Affected by 0 other vulnerabilities. |
|
VCID-urvq-g1g1-8bgy
Aliases: CVE-2022-0940 GHSA-82j4-vr25-x394 |
Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-uwjs-9kjy-jqcp
Aliases: CVE-2021-4172 GHSA-7x22-pmw5-66mq |
Cross-site Scripting in showdoc |
Affected by 19 other vulnerabilities. |
|
VCID-vjve-v4fx-hffb
Aliases: CVE-2022-0957 GHSA-q73m-3q7r-fpf7 |
Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-w3qg-kqjv-r7dk
Aliases: CVE-2022-0079 GHSA-5mj6-3cmq-fh34 |
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information |
Affected by 22 other vulnerabilities. |
|
VCID-wbdc-jg9s-vqbp
Aliases: CVE-2021-3680 GHSA-8vh3-29mr-m9xg |
Affected by 33 other vulnerabilities. |
|
|
VCID-x5zj-4exs-t7em
Aliases: CVE-2022-0938 GHSA-mw75-qvfr-hpmr |
Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
|
VCID-x91u-2hwa-3fhu
Aliases: CVE-2021-3775 GHSA-pjjf-hc4q-g298 |
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | There are no reported fixed by versions. |
|
VCID-xe8d-vba4-2yhw
Aliases: CVE-2021-3678 GHSA-j85q-whc9-g4p9 |
Affected by 33 other vulnerabilities. |
|
|
VCID-zsvd-ysfj-gkad
Aliases: CVE-2022-0946 GHSA-qq74-vgcf-54c3 |
Cross-site Scripting in ShowDoc |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||