Showing 1 - 2 of 2

CVE-2020-7680

Status Candidate

Overview

docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page.

Related Files

docsify 4.11.6 Cross Site Scripting: Posted Feb 22, 2021; Authored by EgiX; docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680.; tags | advisory, xss; advisories | CVE-2020-7680, CVE-2021-23342; MD5 | 4f1f48238c4e1aa6fdf3106d9952a98f; Download | Favorite | View

Docsify.js 4.11.4 Cross Site Scripting: Posted Jul 22, 2020; Authored by Amin Sharifi; Docsify.js version 4.11.4 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2020-7680; MD5 | c04ce1f9ca28c7b5d05da5e1c5f7e216; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 98 files
malvuln 54 files
Ubuntu 44 files
Erik David Martin 9 files
Google Security Research 6 files
Soham Bakore 5 files
Tushar Vaidya 5 files
Jeenali Kothari 5 files
Nakul Ratti 4 files
Ismael Nava 4 files

File Archives

Systems

AIX (421)
Apple (1,774)
BSD (368)
Cisco (1,902)
Debian (5,945)
Fedora (1,688)
FreeBSD (1,241)
Gentoo (4,040)
HPUX (873)
iOS (284)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (39,503)
Mac OS X (673)
Mandriva (3,105)
NetBSD (255)
OpenBSD (473)
RedHat (9,726)
Slackware (941)
Solaris (1,598)
SUSE (1,444)
Ubuntu (7,142)
UNIX (8,852)
UnixWare (180)
Windows (5,822)
Other

CVE-2020-7680

Overview

Related Files

File Archive:

March 2021

Top Authors In Last 30 Days

File Tags

File Archives

Systems