Lucene search
+L

6 matches found

nodejs
nodejs
added 2021/03/01 7:50 p.m.54 views

Cross-Site Scripting (XSS)

Overview In docsify before version 4.12.0 it is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: - When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in...

4.3CVSS1.8AI score0.045EPSS
Exploits6Affected Software1
vulnersosv
vulnersosv
added 2021/03/01 7:44 p.m.9 views

docsify-cli (>=0.1.0 <=1.3.0) potentially affected by CVE-2021-23342 via docsify (=0.0.5)

docsify NPM version =0.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on docsify and may be impacted: - docsify-cli =0.1.0, =1.3.0 Source cves: CVE-2021-23342 Source advisory: OSV:GHSA-2MM9-C2FX-C7M4...

8.6CVSS6.6AI score0.01657EPSS
Exploits2
nvd
nvd
added 2021/02/19 5:15 p.m.28 views

CVE-2021-23342

This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1 When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...

8.6CVSS0.01657EPSS
Exploits2References5
osv
osv
added 2021/02/19 5:15 p.m.16 views

CVE-2021-23342

This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1 When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...

6.1CVSS6.9AI score
Exploits0References5
cvelist
cvelist
added 2021/02/19 4:35 p.m.30 views

CVE-2021-23342 Cross-site Scripting (XSS)

This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1 When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...

8.6CVSS7AI score0.01657EPSS
Exploits2References5
cve
cve
added 2021/02/19 4:35 p.m.98 views

CVE-2021-23342

The CVE-2021-23342 entry concerns docsify before version 4.12.0, where a bypass of CVE-2020-7680 allows cross-site scripting. The vulnerability arises because HTML sanitization performed for remote URLs on the main page is not applied in the sidebar, and the isURL external check can be bypassed b...

8.6CVSS6.6AI score0.01657EPSS
Exploits2References5Affected Software1
Rows per page
Query Builder