ShowDoc prior to 2.10.4 is vulnerable to a file upload restriction bypass leading to stored cross-site scripting. References https://nvd.nist.gov/vuln/detail/CVE-2022-0951 https://github.com/star7th/showdoc/commit/237ac6d43bf3728bf3587c486a23b4a48ea7acb3 https://huntr.dev/bounties/b3a983a3-17f9-4aa8-92d7-8a0c92a93932 https://github.com/advisories/GHSA-j6jg-w79c-7p8v