Stored XSS due to Unrestricted File Upload in star7th/showdoc


Reported on

Mar 13th 2022


Stored XSS via uploading files in the .xsd, .asa and .aspx (already mentioned in a previous report) formats.

Proof of Concept

For .xsd


<a:script xmlns:a="">alert(1)</a:script>

For .asa and .aspx



Steps to Reproduce

1. Login into
2. Navigate to file library (
3. In the File Library page, click the Upload button and choose the poc.xsd file.
4. After uploading the file, click on the check button to open that file in a new tab.

XSS will trigger when the attachment is opened in a new tab.


.xsd -
.asa -
.aspx -


An attacker can perform social engineering on users by redirecting them from the real website to a fake one, and can steal their cookies, etc.

We are processing your report and will contact the star7th/showdoc team within 24 hours. 2 months ago
Ajaysen R modified the report
2 months ago
Ajaysen R submitted a
2 months ago
star7th validated this vulnerability 2 months ago
Ajaysen R has been awarded the disclosure bounty
The fix bounty is now up for grabs
2 months ago


I won't set this problem as "fixed" for the time being. If you find similar problems, you can give feedback again

Ajaysen R
2 months ago


Ok, Fine.

2 months ago


I have updated the whitelist mechanism. And tested it again. There should be no more omissions. So let me fix this problem. At the same time, I'll write you the repairer, so you get an extra $20.

star7th confirmed that a fix has been merged on 3caa32 2 months ago
Ajaysen R has been awarded the fix bounty
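
The fix above is described as an updated whitelist mechanism. The following added example (not ShowDoc's code and not part of the report) contrasts a constructed deny-list with an allow-list on the extensions named in this report. The extension sets, function names and every sample file name other than poc.xsd are assumptions.

```python
import os

# Constructed deny-list: blocks only the script types someone thought of.
DENIED_EXTENSIONS = {".php", ".html", ".htm", ".svg", ".js", ".aspx"}

# Constructed allow-list: only the types the application means to host.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".txt", ".zip"}

# Response headers that make a browser download an attachment instead of
# rendering it in the application's origin.
SAFE_DOWNLOAD_HEADERS = {
    "Content-Type": "application/octet-stream",
    "Content-Disposition": "attachment",
    "X-Content-Type-Options": "nosniff",
}


def normalized_extension(filename: str) -> str:
    """Return the lowercased final extension of the base name, or ""."""
    # Drop any client-supplied directory part, then the trailing dots and
    # spaces that some filesystems ignore ("poc.xsd." is stored as "poc.xsd").
    base = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    return os.path.splitext(base)[1].lower()


def denylist_accepts(filename: str) -> bool:
    """Weak check: anything not explicitly denied is stored."""
    return normalized_extension(filename) not in DENIED_EXTENSIONS


def allowlist_accepts(filename: str) -> bool:
    """Stronger check: only explicitly allowed extensions are stored."""
    return normalized_extension(filename) in ALLOWED_EXTENSIONS


if __name__ == "__main__":
    # poc.xsd is the name used in the report; the rest are constructed.
    samples = ["poc.xsd", "poc.asa", "poc.aspx", "report.pdf.asa",
               "poc.xsd.", "photo.PNG"]
    for name in samples:
        print(f"{name:16} deny-list={denylist_accepts(name)!s:5} "
              f"allow-list={allowlist_accepts(name)}")
```

The deny-list stores .xsd and .asa because nobody listed them, while the allow-list rejects every extension it was not told about. Serving stored files with the headers in SAFE_DOWNLOAD_HEADERS is a second layer for anything that still gets through.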