CVE-2021-23342 – This affects the package docsify before 4.12.0. It is possible to bypass the remediation d …

19 February 2021

Vuln ID: CVE-2021-23342

Published: 2021-02-19 17:15:13Z

Description: This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more â€œ////â€� characters

Source: NVD.NIST.GOV

Date:

19 February 2021

Categorie(s):

NVD

Tag(s):

NVD

Most people still rely on memory or pen and paper for password management26 April 2024
LSA Whisperer: Open-source tools for interacting with authentication packages26 April 2024
What AI can tell organizations about their M&A risk26 April 2024
Breaking down the numbers: Cybersecurity funding activity recap26 April 2024
New infosec products of the week: April 26, 202426 April 2024