RSS   Vulnerabilities for 'HEXO'   RSS

2021-11-30
 
CVE-2021-25987

CWE-79
 

 
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post �??body�?� and �??tags�?� don�??t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.

 


Copyright 2024, cxsecurity.com

 

Back to Top