5 matches found
EUVD-2023-43293
Malicious code in bioql PyPI...
CVE-2021-25987
Hexo versions 0.0.1 to 5.4.0 are vulnerable to stored XSS. The post “body” and “tags” don’t sanitize malicious JavaScript during web page generation. A local unprivileged attacker can inject arbitrary code...
@dpu/hexo-github-include (>=0.0.1 <=0.0.2), @exabugs/hexo-theme-icarus (=5.1.0) +114 more potentially affected by CVE-2023-39584 via hexo (>=2.4.5 <=7.0.0)
hexo NPM version =2.4.5, =0.0.1, =1.0.0, =1.4.0, =1.0.2, =22.8.141, =1.0.0, =1.0.0, =1.0.11, =1.0.16, =1.0.17 - diangua-test-hexo-site =0.0.0 and more Source cves: CVE-2023-39584 Source advisory: OSV:GHSA-X2JC-989C-47Q4...
@dpu/hexo-github-include (>=0.0.1 <=0.0.2), @git-story/hexo-meta-data (>=1.0.0 <=1.1.1) +81 more potentially affected by CVE-2021-25987 via hexo (>=2.4.5 <=5.4.2)
hexo NPM version =2.4.5, =0.0.1, =1.0.0, =1.4.0, =1.0.2, =22.8.141, =2.0.0, =1.0.0, =1.0.11, =1.0.16, =1.0.0, =0.0.1, =0.0.3 and more Source cves: CVE-2021-25987 Source advisory: OSV:GHSA-Q54R-R9PR-W7QV...
CVE-2021-25987 Hexo - Stored XSS
Hexo versions 0.0.1 to 5.4.0 are vulnerable to stored XSS. The post “body” and “tags” don’t sanitize malicious JavaScript during web page generation. A local unprivileged attacker can inject arbitrary code...