Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
•added 2026/01/09 9:59 a.m.•10 views

CVE-2020-7680

docsify prior to 4.11.4 is susceptible to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // domain.com///attacker.com and render...

6.1CVSS6.5AI score0.045EPSS
Exploits5References1
EUVD
EUVD
•added 2025/10/07 12:30 a.m.•4 views

EUVD-2021-0585

Malware in sbrugna...

8.6CVSS6.9AI score0.01657EPSS
Exploits2References8
Node.js
Node.js
•added 2021/03/01 7:50 p.m.•54 views

Cross-Site Scripting (XSS)

Overview In docsify before version 4.12.0 it is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: - When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in...

4.3CVSS1.8AI score0.045EPSS
Exploits6Affected Software1
OSV
OSV
•added 2021/03/01 7:44 p.m.•23 views

GHSA-2MM9-C2FX-C7M4 Docsify XSS Vulnerability

This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1 When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...

6.1CVSS6.5AI score0.01657EPSS
Exploits2References7
0day.today
0day.today
•added 2021/02/22 12:0 a.m.•93 views

docsify 4.11.6 Cross Site Scripting Vulnerability

docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680. -------------------------------------------------------------- docsify = 4.11.6 DOM-based Cross-Site Scripting Vulnerability...

8.6CVSS6.4AI score0.045EPSS
Exploits6
Circl
Circl
•added 2021/02/19 8:51 p.m.•6 views

CVE-2020-7680

creationtimestamp| type| source ---|---|--- 2021-02-19 20:51:32+00:00| seen| https://t.me/cibsecurity/23878...

6.1CVSS5.9AI score0.045EPSS
Exploits5References1
Exploit DB
Exploit DB
•added 2020/07/22 12:0 a.m.•616 views

Docsify.js 4.11.4 - Reflective Cross-Site Scripting

Exploit Title: Docsify.js 4.11.4 - Reflective Cross-Site Scripting Date: 2020-06-22 Exploit Author: Amin Sharifi Vendor Homepage: https://docsify.js.org Software Link: https://github.com/docsifyjs/docsify Version: 4.11.4 Tested on: Windows 10 CVE : CVE-2020-7680 docsify.js uses fragment identifie...

6.1CVSS6.5AI score0.045EPSS
Exploits5
0day.today
0day.today
•added 2020/07/22 12:0 a.m.•535 views

Docsify 4.11.4 - Reflective Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Docsify.js 4.11.4 - Reflective Cross-Site Scripting Exploit Author: Amin Sharifi Vendor Homepage: https://docsify.js.org Software Link: https://github.com/docsifyjs/docsify Version: 4.11.4 Tested on: Windows 10 CVE :...

6.6AI score0.045EPSS
Exploits5
NVD
NVD
•added 2020/07/20 4:15 p.m.•10 views

CVE-2020-7680

docsify prior to 4.11.4 is susceptible to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // domain.com///attacker.com and render...

6.1CVSS6.6AI score0.045EPSS
Exploits5References6
OSV
OSV
•added 2020/07/20 4:15 p.m.•20 views

CVE-2020-7680

docsify prior to 4.11.4 is susceptible to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // domain.com///attacker.com and render...

6.1CVSS6.4AI score
Exploits0References6
CVE
CVE
•added 2020/07/20 3:22 p.m.•86 views

CVE-2020-7680

Summary of CVE-2020-7680 (docsify XSS) Affected software: docsify prior to version 4.11.4 (docsify.js) which loads resources via fragment identifiers after # (e.g., domain.com/#//attacker.com) to server-side .md files. Root cause: insufficient validation of these fragment URLs allows rendering ar...

6.1CVSS5.9AI score0.045EPSS
Exploits5References6Affected Software1
Rows per page
Query Builder