2 matches found
@dpu/hexo-github-include (>=0.0.1 <=0.0.2), @git-story/hexo-meta-data (>=1.0.0 <=1.1.1) +81 more potentially affected by CVE-2021-25987 via hexo (>=2.4.5 <=5.4.2)
hexo NPM version =2.4.5, =0.0.1, =1.0.0, =1.4.0, =1.0.2, =22.8.141, =2.0.0, =1.0.0, =1.0.11, =1.0.16, =1.0.0, =0.0.1, =0.0.3 and more Source cves: CVE-2021-25987 Source advisory: OSV:GHSA-Q54R-R9PR-W7QV...
CVE-2021-25987
CVE-2021-25987 affects Hexo up to 5.4.0, where stored XSS is possible due to lack of sanitization in the post body and tags during page generation. An unprivileged local attacker can inject arbitrary JavaScript that executes in the victim’s browser. The vulnerability is documented across multiple...