CVE-2020-7680
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses the fragment identifier (the part of the URL after the # sign) to decide which server-side .md file to load. Because this value is not validated, an external URL can be supplied after the /#/ (domain.com/#//attacker.com), causing arbitrary JavaScript/HTML to be rendered inside the docsify page.
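The validation the description says is missing, as an added example (not code from docsify or from this advisory): it resolves the fragment route the way a browser resolves a relative reference and allows the load only if the result stays on the page's own origin. The function names and the docs.example host are assumptions made for illustration.

```javascript
// Added example: models the fragment-to-resource mapping described above.
// resolveRoute / isSameOriginRoute are hypothetical names, not docsify APIs.

// Resolve the route carried in the fragment against the page URL, the same
// way a browser resolves any relative reference before fetching it.
function resolveRoute(pageUrl) {
  const page = new URL(pageUrl);
  const route = page.hash.replace(/^#/, "") || "/";
  // A route starting with "//" is a protocol-relative URL: it keeps the
  // page's scheme but replaces the host, which is the case in the advisory.
  return new URL(route, page.origin + page.pathname);
}

// Allow the load only when the resolved resource is on the page's origin.
function isSameOriginRoute(pageUrl) {
  const page = new URL(pageUrl);
  try {
    return resolveRoute(pageUrl).origin === page.origin;
  } catch {
    return false; // unparseable route: refuse to load it
  }
}

// Constructed sample URLs (docs.example is a placeholder host).
const samples = [
  "https://docs.example/#/guide/install",
  "https://docs.example/#/",
  "https://docs.example/#//attacker.com",
];
for (const s of samples) {
  const verdict = isSameOriginRoute(s) ? "load " : "block";
  console.log(verdict, s, "->", resolveRoute(s).href);
}
```

The third sample is the form quoted in the description; it resolves to a different origin and is refused, while ordinary routes resolve under the documentation site itself.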
Affected products
n/a · docsify
Public PoCs found — 3
cve_reference · packetstormsecurity.com/files/158515/Docsify.js-4.11.4-Cross-Site-Scripting.html · unverified
cve_reference · packetstormsecurity.com/files/161495/docsify-4.11.6-Cross-Site-Scripting.html · unverified
exploitdb · www.exploit-db.com/exploits/48681 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/158515/Docsify.js-4.11.4-Cross-Site-Scripting.html
http://packetstormsecurity.com/files/161495/docsify-4.11.6-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2021/Feb/71
https://github.com/docsifyjs/docsify/issues/1126
https://github.com/docsifyjs/docsify/pull/1128
https://snyk.io/vuln/SNYK-JS-DOCSIFY-567099