hexo-wustxiao-blog (=1.1.1) potentially affected by CVE-2019-17606 via hexo-admin (=2.3.0)

hexo-admin NPM version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on hexo-admin and may be impacted: - hexo-wustxiao-blog =1.1.1 Source cves: CVE-2019-17606 Source advisory: OSV:GHSA-G784-Q3P3-26RM...

CVE-2019-17606

CVE-2019-17606 : The hexo-admin plugin for Node.js (versions ≤ 2.3.0) is vulnerable to stored cross-site scripting via the content of a post in the Post editor. The root cause is lack of proper validation/escaping of user-supplied content, allowing an attacker to inject arbitrary JavaScript that ...

CVE-2018-17606

CVE-2018-17606 is rejected; this candidate is a reservation duplicate of CVE-2018-16620.

CVE-2018-17606

...

CVE-2017-17606

CVE-2017-17606 affects the PHP Scripts Mall Co-work Space Search Script 1.0, with a SQL injection vulnerability in the /list endpoint via the city parameter. The root cause is unsanitized input allowing arbitrary SQL execution, leading to potential data disclosure/ modification. In the connected ...