35 matches found
CVE-2020-7680
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render...
EUVD-2021-0585
Malware in sbrugna...
EUVD-2021-1169
Malware in sbrugna...
EUVD-2022-2591
Malicious code in bioql PyPI...
CVE-2021-30074
docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character...
GHSA-5H7X-68WJ-JHWC Docsify vulnerable to cross-site scripting due to mishandled encoding
docsify versions 4.12.1 and earlier are vulnerable to cross-site scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character...
Docsify vulnerable to cross-site scripting due to mishandled encoding
docsify versions 4.12.1 and earlier are vulnerable to cross-site scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character...
Cross-Site Scripting (XSS)
Overview docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and...
docsify-cli (>=0.1.0 <=1.3.0) potentially affected by CVE-2020-7680 via docsify (=0.0.5)
docsify NPM version =0.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on docsify and may be impacted: - docsify-cli >=0.1.0, <=1.3.0 Source cves: CVE-2020-7680 Source advisory: OSV:GHSA-QPQH-46QJ-VWCW...
Cross-site Scripting in docsify
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render...
GHSA-QPQH-46QJ-VWCW Cross-site Scripting in docsify
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render...
CVE-2021-30074
docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character...
CVE-2021-30074
docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character...
Cross site scripting
docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character...
docsify cross-site scripting vulnerability
docsify is a documentation website generator. A cross-site scripting vulnerability exists in docsify 4.12.1, which stems from the search component not properly encoding code blocks and mishandling the " character...
docsify cross-site scripting vulnerability (CNVD-2021-14402)
docsify is a documentation website generator. A cross-site scripting vulnerability exists in docsify versions prior to 4.12.0. The vulnerability stems from the fact that it is possible to bypass the isURL external check by inserting more "////" characters to clean up the HTML code on the homepage...
Cross-site Scripting (XSS)
docsify is vulnerable to cross-site scripting (XSS). The vulnerability exists as HTML values from remote URLs found in the sidebar are not sanitized, and the isExternalurl on the value of the url can be bypassed with more / characters...
Cross-Site Scripting (XSS)
Overview In docsify before version 4.12.0 it is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: - When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in...
docsify-cli (>=0.1.0 <=1.3.0) potentially affected by CVE-2021-23342 via docsify (=0.0.5)
docsify NPM version =0.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on docsify and may be impacted: - docsify-cli >=0.1.0, <=1.3.0 Source cves: CVE-2021-23342 Source advisory: OSV:GHSA-2MM9-C2FX-C7M4...
Docsify XSS Vulnerability
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...