16 matches found
EUVD-2022-3913
Malicious code in bioql PyPI...
CVE-2019-17606
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post...
GHSA-G784-Q3P3-26RM hexo-admin plugin for Node.js XSS Vulnerability
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post...
hexo-wustxiao-blog (=1.1.1) potentially affected by CVE-2019-17606 via hexo-admin (=2.3.0)
hexo-admin NPM version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on hexo-admin and may be impacted: hexo-wustxiao-blog =1.1.1. Source CVEs: CVE-2019-17606. Source advisory: OSV:GHSA-G784-Q3P3-26RM...
hexo-wustxiao-blog (=1.1.1) potentially affected by unknown CVE via hexo-admin (=2.3.0)
hexo-admin NPM version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on hexo-admin and may be impacted: hexo-wustxiao-blog =1.1.1. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-PHPH-XPJ4-WVCV...
GHSA-PHPH-XPJ4-WVCV Cross-Site Scripting in hexo-admin
All versions of hexo-admin are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize rendered markdown, allowing attackers to execute arbitrary JavaScript in a victim's browser if they are able to create new posts. Recommendation: No fix is currently available. Consider using an...
Cross-Site Scripting in hexo-admin
All versions of hexo-admin are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize rendered markdown, allowing attackers to execute arbitrary JavaScript in a victim's browser if they are able to create new posts. Recommendation: No fix is currently available. Consider using an...
hexo-admin plugin for Node.js cross-site scripting vulnerability
hexo-admin plugin for Node.js is a backend administration plugin for use in Node.js. A cross-site scripting vulnerability exists in the Post editor feature in hexo-admin plugin for Node.js version 2.3.0 and earlier, which stems from the lack of proper validation of client-side data in a web...
CVE-2019-17606
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post...
CVE-2019-17606
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post...
Design/Logic Flaw
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post...
CVE-2019-17606
CVE-2019-17606: The hexo-admin plugin for Node.js (versions ≤ 2.3.0) is vulnerable to stored cross-site scripting via the content of a post in the Post editor. The root cause is lack of proper validation/escaping of user-supplied content, allowing an attacker to inject arbitrary JavaScript that ...
CVE-2019-17606
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post...
Cross-Site Scripting (XSS)
hexo-admin is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the post-editor. Successful exploitation can result in the theft of session cookies or execution of unauthorized actions on behalf of the user...
Node.js third-party modules: Stored XSS (Hexo-admin plugin)
I would like to report Stored XSS in Hexo-admin. It allows The Post editor functionality in the hexo-admin plugin 3.9.0 for Node.js is vulnerable to stored XSS via the content of a post. Module module name: Hexo-admin version: 3.9.0 npm page: https://www.npmjs.com/package/hexo-admin Module...
Cross-Site Scripting
Overview: All versions of hexo-admin are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize rendered markdown, allowing attackers to execute arbitrary JavaScript in a victim's browser if they are able to create new posts. Recommendation: No fix is currently available. Consider...