35 matches found
GHSA-2MM9-C2FX-C7M4 Docsify XSS Vulnerability
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...
docsify 4.11.6 Cross Site Scripting Vulnerability
docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680. docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability...
CVE-2021-23342
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...
CVE-2021-23342
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...
Authentication flaw
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...
CVE-2021-23342
The CVE-2021-23342 entry concerns docsify before version 4.12.0, where a bypass of CVE-2020-7680 allows cross-site scripting. The vulnerability arises because HTML sanitization performed for remote URLs on the main page is not applied in the sidebar, and the isURL external check can be bypassed b...
CVE-2021-23342 Cross-site Scripting (XSS)
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...
CVE-2021-23342
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...
docsify Cross-Site Scripting Vulnerability
docsify is a documentation website generator. A cross-site scripting vulnerability exists in docsify versions prior to 4.12.0. The vulnerability stems from the fact that it is possible to bypass the isURL external check by inserting more "////" characters to clean up the HTML code on the homepage...
Cross-site Scripting (XSS)
Overview: docsify is a magical documentation site generator. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1) When parsing HTML from remote...
Cross-site Scripting (XSS)
docsify is vulnerable to cross-site scripting (XSS). The vulnerability exists as it does not validate fragment identifiers when loading resources from server-side markdown files...
Docsify Cross-Site Scripting Vulnerability
docsify is a documentation website generator. A cross-site scripting vulnerability exists in versions prior to docsify 4.11.4. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side cod...
CVE-2020-7680
Summary of CVE-2020-7680 (docsify XSS) Affected software: docsify prior to version 4.11.4 (docsify.js) which loads resources via fragment identifiers after # (e.g., domain.com/#//attacker.com) to server-side .md files. Root cause: insufficient validation of these fragment URLs allows rendering ar...
CVE-2020-7680
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render...
Cross-site Scripting (XSS)
Overview: docsify is a magical documentation site generator. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to...