Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package docsify, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2021-23342 — CVSS 8.6 (high): This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious…
CVE-2020-7680 — CVSS 6.1 (medium): docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to…
CVE-2021-30074 — CVSS 6.1 (medium): docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and…