CVE-2020-7680 - Vulnerability Details - OpenCVE

docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Docsifyjs	Docsify

Configuration 1 [-]

cpe:2.3:a:docsifyjs:docsify:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/158515/Docsify.js-4.11.4-Cross-Site-Scripting.html
http://packetstormsecurity.com/files/161495/docsify-4.11.6-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2021/Feb/71
https://github.com/docsifyjs/docsify/issues/1126
https://github.com/docsifyjs/docsify/pull/1128
https://snyk.io/vuln/SNYK-JS-DOCSIFY-567099

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2020-07-20T15:22:13

Updated: 2024-08-04T09:41:01.274Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7680

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-07-20T16:15:12.350

Modified: 2024-11-21T05:37:35.990

Link: CVE-2020-7680

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "docsify", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions prior to 4.11.4"}]}], "descriptions": [{"lang": "en", "value": "docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page."}], "problemTypes": [{"descriptions": [{"description": "Cross-site Scripting (XSS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-22T17:06:13", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/docsifyjs/docsify/issues/1126"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/docsifyjs/docsify/pull/1128"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-DOCSIFY-567099"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/158515/Docsify.js-4.11.4-Cross-Site-Scripting.html"}, {"name": "20210219 [KIS-2021-02] docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Feb/71"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/161495/docsify-4.11.6-Cross-Site-Scripting.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "ID": "CVE-2020-7680", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "docsify", "version": {"version_data": [{"version_value": "All versions prior to 4.11.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/docsifyjs/docsify/issues/1126", "refsource": "MISC", "url": "https://github.com/docsifyjs/docsify/issues/1126"}, {"name": "https://github.com/docsifyjs/docsify/pull/1128", "refsource": "MISC", "url": "https://github.com/docsifyjs/docsify/pull/1128"}, {"name": "https://snyk.io/vuln/SNYK-JS-DOCSIFY-567099", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-DOCSIFY-567099"}, {"name": "http://packetstormsecurity.com/files/158515/Docsify.js-4.11.4-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/158515/Docsify.js-4.11.4-Cross-Site-Scripting.html"}, {"name": "20210219 [KIS-2021-02] docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Feb/71"}, {"name": "http://packetstormsecurity.com/files/161495/docsify-4.11.6-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/161495/docsify-4.11.6-Cross-Site-Scripting.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:41:01.274Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/docsifyjs/docsify/issues/1126"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/docsifyjs/docsify/pull/1128"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-DOCSIFY-567099"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/158515/Docsify.js-4.11.4-Cross-Site-Scripting.html"}, {"name": "20210219 [KIS-2021-02] docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Feb/71"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/161495/docsify-4.11.6-Cross-Site-Scripting.html"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7680", "datePublished": "2020-07-20T15:22:13", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:41:01.274Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docsifyjs:docsify:*:*:*:*:*:*:*:*", "matchCriteriaId": "D61038D6-B6F5-4297-A237-100706E35264", "versionEndExcluding": "4.11.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page."}, {"lang": "es", "value": "docsify versiones anteriores a 4.11.4, es susceptible a una vulnerabilidad de tipo Cross-site Scripting (XSS). El archivo Docsify.js usa identificadores de fragmentos (par\u00e1metros despu\u00e9s del signo #) para cargar recursos desde archivos .md del lado del servidor. Debido a una falta de comprobaci\u00f3n aqu\u00ed, es posible proporcionar las URL externas despu\u00e9s de /#/ (domain.com/#//attacker.com) y representar JavaScript/HTML arbitrario dentro de la p\u00e1gina de docsify"}], "id": "CVE-2020-7680", "lastModified": "2024-11-21T05:37:35.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-20T16:15:12.350", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/158515/Docsify.js-4.11.4-Cross-Site-Scripting.html"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/161495/docsify-4.11.6-Cross-Site-Scripting.html"}, {"source": "report@snyk.io", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Feb/71"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://github.com/docsifyjs/docsify/issues/1126"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/docsifyjs/docsify/pull/1128"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-DOCSIFY-567099"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/158515/Docsify.js-4.11.4-Cross-Site-Scripting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/161495/docsify-4.11.6-Cross-Site-Scripting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Feb/71"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/docsifyjs/docsify/issues/1126"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/docsifyjs/docsify/pull/1128"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-DOCSIFY-567099"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}