Moderate severityNVD Advisory· Published Oct 23, 2019· Updated Aug 5, 2024
CVE-2019-17606
CVE-2019-17606
Description
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Members only
The AI Insight narrative is available to signed-in members. Sign in or create a free account to read it.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
hexo-adminnpm | <= 2.3.0 | — |
Affected products
2- hexo-admin/hexo-admin plugindescription
Patches
Members only
Discovered fix commits and diffs is available to signed-in members. Sign in or create a free account to read it.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- github.com/advisories/GHSA-g784-q3p3-26rmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-17606ghsaADVISORY
- github.com/418sec/hexo-admin/pull/2ghsaWEB
- github.com/jaredly/hexo-admin/commits/mastermitrex_refsource_MISC
- github.com/jaredly/hexo-admin/issues/185ghsaWEB
- github.com/jaredly/hexo-admin/pull/203ghsaWEB
- mega.nzmitrex_refsource_MISC
- www.npmjs.com/advisoriesmitrex_refsource_MISC
- www.npmjs.com/advisories/1211mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.