2 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the text/html content processing. An attacker can inject and execute arbitrary scripts in the context of the rendered page by supplying malicious HTML content files from untrusted sources. This is only...
Hugo: XSS via text/html content files
Commit: e41a06447d — Disallow HTML content by default Affected versions: all Hugo versions prior to v0.162.0. Fixed in: v0.162.0. Severity: Low to Medium, depending on threat model. Not an issue if you fully trust every file under /content and every content adapter you load. Description. Hugo...