Stored xss in showdoc through file upload in star7th/showdoc


Reported on

Mar 12th 2022


Hi. This is a bypass to the report in . It fails to check for files with the extension .shtml which leads to stored xss

Proof of Concept

// poc.shtml
        <h1 onmouseover=alert(1)>adsasdadsdsa</h1>


Stored Xss

We are processing your report and will contact the star7th/showdoc team within 24 hours. 2 years ago
We have contacted a member of the star7th/showdoc team and are waiting to hear back 2 years ago
star7th validated this vulnerability 2 years ago
noobexploiterhuntrdev has been awarded the disclosure bounty
The fix bounty is now up for grabs
star7th marked this as fixed in 2.10.4 with commit 42c0d9 2 years ago
star7th has been awarded the fix bounty
to join this conversation