ShowDoc prior to 2.10.4 is vulnerable to stored cross-site scripting via file upload. References https://nvd.nist.gov/vuln/detail/CVE-2022-0956 https://github.com/star7th/showdoc/commit/56e450c3adf75c707500d7231a78c9fc894c7f13 https://huntr.dev/bounties/5b0e3f02-309f-4b59-8020-d7ac0f1999f2 https://github.com/advisories/GHSA-wg8p-w946-c482