star7th — Vulnerabilities & Security Advisories 35

Browse all 35 CVE security advisories affecting star7th. AI-powered Chinese analysis, POCs, and references for each vulnerability.

star7th operates primarily as a provider of enterprise resource planning and customer relationship management software solutions, targeting mid-sized businesses with integrated administrative tools. Security audits have identified approximately 35 Common Vulnerabilities and Exposures associated with their platforms, predominantly involving SQL injection and cross-site scripting flaws. These vulnerabilities frequently stem from insufficient input validation in web interfaces, allowing attackers to manipulate database queries or inject malicious scripts. While remote code execution incidents are less frequent, privilege escalation risks remain a concern due to improper access control mechanisms in certain modules. No major public data breaches have been widely reported, though the consistent presence of these CVEs suggests ongoing challenges in securing legacy codebases. Organizations utilizing star7th products should prioritize regular patching and implement strict input sanitization protocols to mitigate these known attack vectors effectively.

Top products by star7th: star7th/showdoc ShowDoc

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6982 | star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection | ShowDoc | CWE-89 | 6.3 | Medium | 2026-04-25 |
| CVE-2022-1034 | There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc | star7th/showdoc | CWE-434 | 7.2 | - | 2022-03-22 |
| CVE-2022-0964 | Stored XSS viva .webmv file upload in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-03-15 |
| CVE-2022-0965 | Stored XSS viva .ofd file upload in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-03-15 |
| CVE-2022-0966 | Stored XSS via File Upload in star7th/showdoc in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-03-15 |
| CVE-2022-0967 | Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-03-15 |
| CVE-2022-0942 | Stored XSS due to Unrestricted File Upload in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-03-15 |
| CVE-2022-0957 | Stored XSS via File Upload in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-03-15 |
| CVE-2022-0956 | Stored XSS via File Upload in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-03-15 |
| CVE-2022-0951 | File Upload Restriction Bypass leading to Stored XSS Vulnerability in star7th/showdoc | star7th/showdoc | CWE-434 | 5.4 | - | 2022-03-15 |
| CVE-2022-0950 | Unrestricted Upload of File with Dangerous Type in star7th/showdoc | star7th/showdoc | CWE-434 | 8.7 | - | 2022-03-15 |
| CVE-2022-0945 | Stored XSS viva axd and cshtml file upload in star7th/showdoc in star7th/showdoc | star7th/showdoc | CWE-434 | 5.4 | - | 2022-03-15 |
| CVE-2022-0962 | Stored XSS viva .webma file upload in star7th/showdoc | star7th/showdoc | CWE-434 | 5.4 | - | 2022-03-14 |
| CVE-2022-0960 | Stored XSS viva .properties file upload in star7th/showdoc | star7th/showdoc | CWE-434 | 5.4 | - | 2022-03-14 |
| CVE-2022-0946 | Stored XSS viva cshtm file upload in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-03-14 |
| CVE-2022-0941 | Stored XSS due to Unrestricted File Upload in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-03-14 |
| CVE-2022-0940 | Stored XSS due to Unrestricted File Upload in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-03-14 |
| CVE-2022-0938 | Stored XSS via file upload in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-03-14 |
| CVE-2022-0937 | Stored xss in showdoc through file upload in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-03-14 |
| CVE-2022-0880 | Cross-site Scripting (XSS) - Stored in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-03-12 |
| CVE-2022-0409 | Unrestricted Upload of File with Dangerous Type in star7th/showdoc | star7th/showdoc | CWE-434 | 8.0 | - | 2022-02-19 |
| CVE-2022-0362 | SQL Injection in star7th/showdoc | star7th/showdoc | CWE-89 | 8.8 | - | 2022-01-26 |
| CVE-2021-4172 | Cross-site Scripting (XSS) - Stored in star7th/showdoc | star7th/showdoc | CWE-79 | 5.4 | - | 2022-01-22 |
| CVE-2022-0079 | Generation of Error Message Containing Sensitive Information in star7th/showdoc | star7th/showdoc | CWE-209 | 5.3 | - | 2022-01-03 |
| CVE-2021-4168 | Cross-Site Request Forgery (CSRF) in star7th/showdoc | star7th/showdoc | CWE-352 | 6.5 | - | 2021-12-26 |
| CVE-2021-4000 | Open Redirect in star7th/showdoc | star7th/showdoc | CWE-601 | 6.1 | - | 2021-12-03 |
| CVE-2021-3989 | Open Redirect in star7th/showdoc | star7th/showdoc | CWE-601 | 6.1 | - | 2021-12-01 |
| CVE-2021-3990 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc | star7th/showdoc | CWE-338 | 5.3 | - | 2021-12-01 |
| CVE-2021-3993 | Cross-Site Request Forgery (CSRF) in star7th/showdoc | star7th/showdoc | CWE-352 | 6.5 | - | 2021-12-01 |
| CVE-2021-4017 | Cross-Site Request Forgery (CSRF) in star7th/showdoc | star7th/showdoc | CWE-352 | 6.5 | - | 2021-12-01 |

This page lists every published CVE security advisory associated with star7th. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.