CVE-2021-25987
npm/hexo
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Hexo is vulnerable to stored XSS. The post body
and tags
don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.
All versions starting from 0.0.1 up to 5.4.0
Unfortunately, there is no solution available yet.
2021-12-01
source |