Showing 1 - 2 of 2

CVE-2020-7680

Status Candidate

Overview

docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page.

Related Files

docsify 4.11.6 Cross Site Scripting: Posted Feb 22, 2021; Authored by EgiX; docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680.; tags | advisory, xss; advisories | CVE-2020-7680, CVE-2021-23342; SHA-256 | 660d129dcc87aa67615bb840ba7c6f92bff103f112e67bbd1690a0f2d2193057; Download | Favorite | View

Docsify.js 4.11.4 Cross Site Scripting: Posted Jul 22, 2020; Authored by Amin Sharifi; Docsify.js version 4.11.4 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2020-7680; SHA-256 | 0bcd9963527e80734359f08f4fb7fbea017a71d3c6f4262918bd2b9112da1c80; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 239 files
indoushka 139 files
Ubuntu 79 files
Gentoo 33 files
Debian 26 files
Sebastian Hamann 8 files
Jann Horn 7 files
Google Security Research 6 files
Moritz Abrell 6 files
Jaggar Henry 6 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,110)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,941)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,657)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,783)
UNIX (9,443)
UnixWare (187)
Windows (6,679)
Other

CVE-2020-7680

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems