Critical stored XSS vulnerability (CVSS 9.0) in star7th/showdoc before v2.10.4: the file upload accepted .axd and .cshtml files, which an attacker can use to store script that runs in other users' browsers. Upgrade to 2.10.4 or later.
A stored XSS vulnerability via axd and cshtml file upload was discovered in star7th/showdoc prior to version 2.10.4 and assigned CVE-2022-0945. The vulnerability has a CVSS base score of 9.0.
Understanding CVE-2022-0945
CVE-2022-0945 is a stored cross-site scripting (XSS) vulnerability in showdoc, the open-source documentation tool maintained in the star7th/showdoc GitHub repository.
What is CVE-2022-0945?
Before version 2.10.4, showdoc's file upload accepted files with the .axd and .cshtml extensions. An attacker with upload access can store a file under one of these extensions whose body is HTML or JavaScript; when the file is later served by the application and rendered by another user's browser, the script executes in that user's session.
The Impact of CVE-2022-0945
The impact is rated critical: the CVSS assessment records high confidentiality, integrity, and availability impact, and only low privileges are required, that is, an account that is allowed to upload files. As with any stored XSS, script running in a victim's session can read data the victim can see, modify content on the victim's behalf, and perform actions as that user.
Technical Details of CVE-2022-0945
This section covers the vulnerability description, the affected versions, and the exploitation mechanism.
Vulnerability Description
The upload handler in star7th/showdoc did not reject files with the .axd and .cshtml extensions. Because uploaded files are stored and later served by the application, any HTML or JavaScript placed in such a file becomes a stored XSS payload.
Affected Systems and Versions
All versions of star7th/showdoc prior to 2.10.4 are affected; version 2.10.4 contains the fix.
Exploitation Mechanism
An attacker with an account that can upload files submits a file named with the .axd or .cshtml extension whose content is HTML containing script, for example a <script> element or an event-handler attribute. The application stores the file, and the attacker delivers the resulting link to a victim or places it where other users will open it. When the victim's browser renders the stored file, the script runs with access to the victim's showdoc session.
Mitigation and Prevention
Mitigate the risks associated with CVE-2022-0945 by following these security practices.
Immediate Steps to Take
Update star7th/showdoc to version 2.10.4 or later. Then audit the existing upload store for files with the .axd or .cshtml extension, and for any other file whose body is HTML or script, and remove them: a version upgrade stops new malicious uploads but does not by itself remove files that were stored before the patch.
Long-Term Security Practices
Restrict uploads with an allowlist of the extensions the application actually needs rather than a denylist of known-bad ones, verify that a file's content matches its declared type, and serve user uploads with X-Content-Type-Options: nosniff and a Content-Disposition: attachment header (or from a separate origin) so a browser never renders them as pages on the application's origin. Sanitize user input that is reflected into pages, and run regular security scans to catch similar issues early.
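The two practices above, the audit of files already stored (immediate steps) and an allowlist check with content verification on new uploads (long-term practices), as an added example in Python. This is not code from showdoc, whose upload handling is written in PHP, and it does not reproduce that project's logic. The extension allowlist, the signature table, the response headers and the sample files are assumptions constructed for the example.

```python
"""Upload validation and upload-store audit (added example; not showdoc code)."""
import os
import re
from dataclasses import dataclass

# Allowlist of extensions the application actually needs (assumed set; tune to
# the deployment). Anything else, including the .axd and .cshtml extensions
# from CVE-2022-0945, is rejected by default instead of needing a denylist entry.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "zip"}

# File signatures for the allowed formats: the body must match the extension,
# so an HTML file renamed to .jpg is caught even though the name is allowed.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
    "zip": (b"PK\x03\x04", b"PK\x05\x06"),
}

# Heuristic for markup a browser would execute if it rendered the file as HTML.
# Applied even when the signature matched, which catches image/HTML polyglots.
ACTIVE_CONTENT = re.compile(
    rb"<\s*(script|iframe|object|embed|svg|html|meta)\b|\bon[a-z]+\s*=|javascript:",
    re.I,
)


@dataclass(frozen=True)
class Verdict:
    accepted: bool
    reason: str


def extension_of(filename: str) -> str:
    """Lower-cased last extension only, so 'doc.png.cshtml' yields 'cshtml'."""
    base = os.path.basename(filename)
    return base.rsplit(".", 1)[1].lower() if "." in base else ""


def validate_upload(filename: str, content: bytes) -> Verdict:
    """Decide whether an upload may be stored: name, then signature, then body."""
    ext = extension_of(filename)
    if ext not in ALLOWED_EXTENSIONS:
        return Verdict(False, f"extension {ext or '(none)'!r} not in allowlist")
    if not content.startswith(MAGIC[ext]):
        return Verdict(False, f"body does not carry a {ext} signature")
    if ACTIVE_CONTENT.search(content):
        return Verdict(False, "active HTML/script content inside body")
    return Verdict(True, "ok")


def audit_files(files: dict) -> list:
    """Re-check already stored uploads; returns (name, reason) for each file to review."""
    findings = []
    for name, body in files.items():
        verdict = validate_upload(name, body)
        if not verdict.accepted:
            findings.append((name, verdict.reason))
    return findings


def audit_upload_dir(root: str, head_bytes: int = 64 * 1024) -> list:
    """Walk a real upload directory; only the first head_bytes of each file are read."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                files[path] = fh.read(head_bytes)
    return audit_files(files)


def serving_headers(filename: str) -> dict:
    """Headers for returning a stored upload so the browser never treats it as a page."""
    ext = extension_of(filename)
    image_types = {"png": "image/png", "jpg": "image/jpeg", "jpeg": "image/jpeg", "gif": "image/gif"}
    headers = {
        "X-Content-Type-Options": "nosniff",  # no sniffing of the body into text/html
        "Content-Security-Policy": "default-src 'none'; sandbox",  # inert even if rendered
    }
    if ext in image_types:
        headers["Content-Type"] = image_types[ext]
    else:
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = "attachment"  # force download, never inline
    return headers


# Constructed sample uploads for the demo (not files from any real showdoc instance).
SAMPLE_UPLOADS = {
    "diagram.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "payload.cshtml": b"<html><body><script>alert(document.cookie)</script></body></html>",
    "handler.axd": b"<script src=//example.invalid/x.js></script>",
    "photo.jpg": b"<html><img src=x onerror=alert(1)>",  # HTML renamed to .jpg
    "poly.gif": b"GIF89a" + b"<svg onload=alert(1)>",  # valid header, HTML inside
}

if __name__ == "__main__":
    for name, reason in audit_files(SAMPLE_UPLOADS):
        print(f"REJECT {name}: {reason}")
```

Run against the constructed samples, the audit rejects the two CVE-2022-0945 file types on the name check alone, rejects the renamed HTML on the signature check, and rejects the GIF/HTML polyglot on the body check, while the plain PNG passes. The name check deliberately looks only at the final extension so that double extensions such as notes.png.cshtml are judged by the last one. The body heuristic is a coarse screen that can false-positive on binary data containing text like `onload=`; treat its hits as items to review, not proof of compromise.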
Patching and Updates
Follow the star7th/showdoc release notes and security advisories, and apply patches promptly so that known vulnerabilities such as this one are closed before they can be exploited.