Vulnerabilities for HEXO (...) - CXSECURITY.COM

Vulnerabilities for 'HEXO'

2021-11-30

CVE-2021-25987

CWE-79

Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post �??body�?� and �??tags�?� don�??t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.

Copyright 2024, cxsecurity.com