Lucene search
K

289 matches found

CVE
CVE
added 2019/10/23 4:18 p.m.60 views

CVE-2019-17606

CVE-2019-17606 : The hexo-admin plugin for Node.js (versions ≤ 2.3.0) is vulnerable to stored cross-site scripting via the content of a post in the Post editor. The root cause is lack of proper validation/escaping of user-supplied content, allowing an attacker to inject arbitrary JavaScript that ...

6.1CVSS5.8AI score0.01035EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2019/10/23 4:18 p.m.17 views

CVE-2019-17606

The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post...

6AI score0.01035EPSS
Exploits0References4
Veracode
Veracode
added 2019/10/21 6:5 a.m.23 views

Cross-Site Scripting (XSS)

hexo-admin is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the post-editor. Successful exploitation can result in the theft of session cookies or execution of unauthorized actions on behalf of the user...

6.1CVSS4.5AI score0.01035EPSS
Exploits0References6Affected Software1
Hacker One
Hacker One
added 2019/10/17 3:59 p.m.19 views

Node.js third-party modules: Stored XSS (Hexo-admin plugin)

I would like to report Stored XSS in Hexo-admin It allows The Post editor functionality in the hexo-admin plugin 3.9.0 for Node.js is vulnerable to stored XSS via the content of a post. Module module name: Hexo-admin version: 3.9.0 npm page: https://www.npmjs.com/package/hexo-admin Module...

5.4AI score
Exploits0
Node.js
Node.js
added 2019/10/14 2:29 p.m.12 views

Cross-Site Scripting

Overview All versions of hexo-admin are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize rendered markdown, allowing attackers to execute arbitrary JavaScript in a victim's browser if they are able to create new posts. Recommendation No fix is currently available. Consider...

6.7AI score
Exploits0Affected Software1
OSV
OSV
added 2019/07/15 2:15 a.m.3 views

CVE-2019-1010005

HexoEditor v1.1.8-beta is affected by: XSS to code execution...

6.1CVSS6.4AI score0.012EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2019/03/14 3:38 p.m.7 views

@bndynet/bbootstrap (>=1.0.2 <=2.2.1), @bndynet/jslib (>=1.0.52 <=2.0.0) +8 more potentially affected by CVE-2019-9737 via editor.md (=1.5.0)

editor.md NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on editor.md and may be impacted: - @bndynet/bbootstrap =1.0.2, =1.0.52, =2.3.6, =1.0.0, =0.2.0, =0.1.1, =0.1.0, =1.0.0, =1.0.3 Source cves: CVE-2019-9737 Source advisory:...

6.1CVSS6.3AI score0.00857EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2018/11/09 5:41 p.m.3 views

@bndynet/bbootstrap (>=1.0.2 <=2.2.1), @bndynet/jslib (>=1.0.52 <=2.0.0) +8 more potentially affected by CVE-2018-19056 via editor.md (=1.5.0)

editor.md NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on editor.md and may be impacted: - @bndynet/bbootstrap =1.0.2, =1.0.52, =2.3.6, =1.0.0, =0.2.0, =0.1.1, =0.1.0, =1.0.0, =1.0.3 Source cves: CVE-2018-19056 Source advisory:...

6.1CVSS6.3AI score0.00788EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2018/09/06 3:22 a.m.10 views

@bndynet/bbootstrap (>=1.0.2 <=2.2.1), @bndynet/jslib (>=1.0.52 <=2.0.0) +8 more potentially affected by CVE-2018-16330 via editor.md (=1.5.0)

editor.md NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on editor.md and may be impacted: - @bndynet/bbootstrap =1.0.2, =1.0.52, =2.3.6, =1.0.0, =0.2.0, =0.1.1, =0.1.0, =1.0.0, =1.0.3 Source cves: CVE-2018-16330 Source advisory:...

6.1CVSS6.3AI score0.00865EPSS
Exploits1
Rows per page
Query Builder