CVE-2021-25987

Sažetak

Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.

Reference

https://github.com/hexojs/hexo/commit/5170df2d3fa9c69e855c4b7c2b084ebfd92d5200
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25987

CVSS

Base:	1.9
Impact:	2.9
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:L/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

30-11-2021 - 16:00

Objavljeno

30-11-2021 - 14:15