Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown
CVE-2018-19620
Disclosure Date: November 28, 2018 (last updated November 27, 2024)
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
0
Attacker Value
Unknown
CVE-2018-19609
Disclosure Date: November 27, 2018 (last updated November 27, 2024)
ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.
0
Attacker Value
Unknown
CVE-2018-19433
Disclosure Date: November 22, 2018 (last updated November 27, 2024)
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
0
