← volver
CVE-2021-25987

Hexo - Stored XSS

CVSS 5 MEDIUMEPSS 0.3%CWE-79
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Hexo · Hexo

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/hexojs/hexo/commit/5170df2d3fa9c69e855c4b7c2b084ebfd92d5200https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25987