Hexo is a fast, simple and powerful blogging framework from the personal developer Tommy Chen in China. Hexo suffers from a cross-site scripting vulnerability that stems from Hexo’s lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client side.