[showdoc/showdoc] Cross-site Scripting in ShowDoc

ShowDoc prior to 2.10.4 is vulnerable to stored cross-site scripting via uploading files with files in .xsd, .asa, and .aspx formats.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-0942
• https://github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8
• https://huntr.dev/bounties/a412707c-18da-4c84-adc0-9801ed8068c9
• https://github.com/advisories/GHSA-9fcc-7g44-mxrj