Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-QPQH-46QJ-VWCW
HistoryMay 18, 2021 - 1:53 a.m.

Cross-site Scripting in docsify

2021-05-1801:53:18
CWE-79
GitHub Advisory Database
github.com
43

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

87.4%

JSON

docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page.

CPENameOperatorVersion
docsifylt4.11.4

Related

osv 4
nodejs 1
veracode 1
packetstorm 1
cve 2
zdt 2
prion 2
exploitdb 1
github 1
osv
osv
Cross-site Scripting in docsify
2021-05-18 01:53:18
CVE-2020-7680
2020-07-20 16:15:12
Docsify XSS Vulnerability
2021-03-01 19:44:27
nodejs
nodejs
Cross-Site Scripting (XSS)
2021-05-18 01:58:00
veracode
veracode
Cross-site Scripting (XSS)
2020-07-21 01:54:34
packetstorm
packetstorm
Docsify.js 4.11.4 Cross Site Scripting
2020-07-22 00:00:00
cve
cve
CVE-2020-7680
2020-07-20 16:15:00
CVE-2021-23342
2021-02-19 17:15:00
zdt
zdt
Docsify 4.11.4 - Reflective Cross-Site Scripting Vulnerability
2020-07-22 00:00:00
docsify 4.11.6 Cross Site Scripting Vulnerability
2021-02-22 00:00:00
prion
prion
Cross site scripting
2020-07-20 16:15:00
Authentication flaw
2021-02-19 17:15:00
exploitdb
exploitdb
Docsify.js 4.11.4 - Reflective Cross-Site Scripting
2020-07-22 00:00:00
github
github
Docsify XSS Vulnerability
2021-03-01 19:44:27

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

87.4%

JSON
Related for GHSA-QPQH-46QJ-VWCW
osv4nodejs1veracode1packetstorm1cve2zdt2prion2exploitdb1github1