EPSS
Percentile
12.6%
hexo is vulnerable to cross-site scripting. The attack exists due to insufficient sanitations in the html tag and body values allowing local unauthenticated attackers to inject and execute arbitrary javascript in victim’s browser.
tag
body
github.com/hexojs/hexo/commit/042f86294691f7a18ab27b853dd7066d6aed1408
github.com/hexojs/hexo/commit/5170df2d3fa9c69e855c4b7c2b084ebfd92d5200
github.com/hexojs/hexo/pull/4743
www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25987