Hexo Security Vulnerabilities

CVE-2019-17606

The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a...

CVE-2023-39584

Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read...

CVE-2021-25987

Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary...