Lucene search
MendCVELIST:CVE-2021-25987HistoryNov 30, 2021 - 1:50 p.m.
CVE-2021-25987 Hexo - Stored XSS
2021-11-3013:50:09
CWE-79
Mend
www.cve.org
3
hexo
stored xss
vulnerability
versions 0.0.1 to 5.4.0
malicious javascript
web page generation
unprivileged attacker
arbitrary code
CVSS3
5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.4
Confidence
High
EPSS
0
Percentile
12.6%
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.
CNA Affected
[
{
"product": "Hexo",
"vendor": "Hexo",
"versions": [
{
"lessThanOrEqual": "5.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "next of 0.0.1",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site scripting
2021-11-30 14:15:00
nvd
nvd
CVE-2021-25987
2021-11-30 14:15:07
cnvd
cnvd
Hexo cross-site scripting vulnerability
2021-12-01 00:00:00
osv
osv
Hexo Vulnerable to XSS
2021-12-01 18:27:44
veracode
veracode
Cross-site Scripting (XSS)
2021-12-01 08:54:58
github
github
Hexo Vulnerable to XSS
2021-12-01 18:27:44
cve
cve
CVE-2021-25987
2021-11-30 14:15:07
CVSS3
5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.4
Confidence
High
EPSS
0
Percentile
12.6%
Related for CVELIST:CVE-2021-25987