Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-site Scripting (XSS)
Vulnerability Description
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more “////” characters
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
docsify 跨站脚本漏洞
Vulnerability Description
docsify是一款文档网站生成器。 Docsify 中存在跨站脚本漏洞。该漏洞源于可以通过插入更多“///”字符绕过isURL外部检查、从远程url解析HTML时,对主页上的HTML代码进行清理,但这种清理不会在侧边栏中进行。攻击者可通过该漏洞执行Javascript代码。以下产品及版本受到影响:docsify 4.12.0 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A