6 matches found
Cross-Site Scripting (XSS)
Overview In docsify before version 4.12.0 it is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: - When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in...
docsify-cli (>=0.1.0 <=1.3.0) potentially affected by CVE-2021-23342 via docsify (=0.0.5)
docsify NPM version =0.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on docsify and may be impacted: - docsify-cli =0.1.0, =1.3.0 Source cves: CVE-2021-23342 Source advisory: OSV:GHSA-2MM9-C2FX-C7M4...
CVE-2021-23342
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1 When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...
CVE-2021-23342
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1 When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...
CVE-2021-23342 Cross-site Scripting (XSS)
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1 When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...
CVE-2021-23342
The CVE-2021-23342 entry concerns docsify before version 4.12.0, where a bypass of CVE-2020-7680 allows cross-site scripting. The vulnerability arises because HTML sanitization performed for remote URLs on the main page is not applied in the sidebar, and the isURL external check can be bypassed b...