Security Advisory

CVE-2021-25987

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-30 13:50:09

Last updated 2025-04-30 15:44:20

Assigner Mend

State PUBLISHED

Description

Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.

← Browse all CVEs View on cve.org ↗