2 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the markdown to HTML rendering. An attacker can inject arbitrary scripts by crafting malicious links or image links in markdown content, which may be executed in the context of users viewing the rendered HTM...
PT-2026-30283
Name of the Vulnerable Software and Affected Versions Hugo versions 0.60.0 through 0.159.1 Description Hugo, a static site generator, has an issue where links and image links in the default markdown to HTML renderer are not properly escaped. Users who trust their Markdown content or have custom...