The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a...
6.1CVSS
5.8AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary...
5CVSS
4.7AI Score
0.0004EPSS