Showing 1 - 2 of 2

CVE-2020-7680

Status Candidate

Overview

docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page.

Related Files

docsify 4.11.6 Cross Site Scripting: Posted Feb 22, 2021; Authored by EgiX; docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680.; tags | advisory, xss; advisories | CVE-2020-7680, CVE-2021-23342; SHA-256 | 660d129dcc87aa67615bb840ba7c6f92bff103f112e67bbd1690a0f2d2193057; Download | Favorite | View

Docsify.js 4.11.4 Cross Site Scripting: Posted Jul 22, 2020; Authored by Amin Sharifi; Docsify.js version 4.11.4 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2020-7680; SHA-256 | 0bcd9963527e80734359f08f4fb7fbea017a71d3c6f4262918bd2b9112da1c80; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 170 files
Ubuntu 66 files
indoushka 48 files
Debian 28 files
CraCkEr 25 files
Google Security Research 14 files
Apple 9 files
Gentoo 9 files
nu11secur1ty 5 files
Jann Horn 4 files

File Archives

Systems

AIX (426)
Apple (1,945)
BSD (370)
CentOS (55)
Cisco (1,917)
Debian (6,667)
Fedora (1,690)
FreeBSD (1,242)
Gentoo (4,288)
HPUX (878)
iOS (337)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (44,609)
Mac OS X (684)
Mandriva (3,105)
NetBSD (255)
OpenBSD (479)
RedHat (12,639)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,266)
UNIX (9,184)
UnixWare (185)
Windows (6,519)
Other

CVE-2020-7680

Overview

Related Files

File Archive:

January 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems