npm package
hexo
pkg:npm/hexo
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-39584 | — | < 7.2.0 | 7.2.0 | Sep 8, 2023 | Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. | ||
| CVE-2021-25987 | — | >= 0.0.1, < 6.0.0 | 6.0.0 | Nov 30, 2021 | Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code. |
- CVE-2023-39584Sep 8, 2023affected < 7.2.0fixed 7.2.0
Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.
- CVE-2021-25987Nov 30, 2021affected >= 0.0.1, < 6.0.0fixed 6.0.0
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.