CVE-2021-25987

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in npm/hexo

Identifiers

CVE-2021-25987

Package Slug

npm/hexo

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Hexo is vulnerable to stored XSS. The post body and tags don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.

Affected Versions

All versions starting from 0.0.1 up to 5.4.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-12-01

source