Stored XSS Vulnerability in Hexo Versions 0.0.1 to 5.4.0

CVE-2021-25987 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Hexo versions 0.0.1 to 5.4.0 are vulnerable to stored XSS. The post “body” and “tags” are not sanitized for malicious JavaScript during web page generation. A local unprivileged attacker can inject arbitrary code.
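The tag half of this issue, as an added illustration that is not Hexo's code: a generator that writes tag names into HTML unescaped, the same renderer with output encoding, and a pre-build audit of the content source. All function names, the markup, and the sample posts are hypothetical and constructed for this example. Post bodies are not covered here, because they are rendered from Markdown that may contain HTML and need an HTML sanitizer rather than escaping.

```javascript
// Added example, not Hexo's implementation. All names here are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can change HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": tag names are concatenated into the page as-is, so any markup
// stored in a post's tags becomes part of every generated page that lists them.
function renderTagsUnsafe(tags) {
  const items = tags.map((t) => `<li><a href="/tags/${t}/">${t}</a></li>`);
  return `<ul class="tags">${items.join('')}</ul>`;
}

// "After": encode per context. The path segment is percent-encoded, then both
// the attribute value and the link text are HTML-escaped.
function renderTagsSafe(tags) {
  const items = tags.map((t) => {
    const href = escapeHtml(`/tags/${encodeURIComponent(t)}/`);
    return `<li><a href="${href}">${escapeHtml(t)}</a></li>`;
  });
  return `<ul class="tags">${items.join('')}</ul>`;
}

// Pre-build audit: report tags in the content source that carry HTML
// metacharacters, so they can be reviewed before the site is generated.
function auditTags(posts) {
  const findings = [];
  for (const post of posts) {
    for (const tag of post.tags) {
      if (/[<>"]/.test(tag)) findings.push({ source: post.source, tag });
    }
  }
  return findings;
}

// Constructed sample posts (front-matter tags only); the marker is a harmless test string.
const samplePosts = [
  { source: '_posts/hello.md', tags: ['security', 'node.js'] },
  { source: '_posts/draft.md', tags: ['<img src=x onerror=alert(1)>'] },
];

for (const f of auditTags(samplePosts)) {
  console.log(`review ${f.source}: tag contains markup characters`);
}
```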
