2 matches found
hexo-wustxiao-blog (=1.1.1) potentially affected by CVE-2019-17606 via hexo-admin (=2.3.0)
hexo-admin NPM version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on hexo-admin and may be impacted: - hexo-wustxiao-blog =1.1.1 Source cves: CVE-2019-17606 Source advisory: OSV:GHSA-G784-Q3P3-26RM...
CVE-2019-17606
CVE-2019-17606 : The hexo-admin plugin for Node.js (versions ≤ 2.3.0) is vulnerable to stored cross-site scripting via the content of a post in the Post editor. The root cause is lack of proper validation/escaping of user-supplied content, allowing an attacker to inject arbitrary JavaScript that ...