Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2023-39584

Disclosure Date: September 08, 2023 (last updated October 08, 2023)
Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-24656

Disclosure Date: March 21, 2022 (last updated February 23, 2025)
HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting a common XSS payload in a markdown file, if opened with the app, will execute several times.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-25987

Disclosure Date: November 30, 2021 (last updated February 23, 2025)
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.
Attack Vector: LocalPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-17606

Disclosure Date: October 23, 2019 (last updated November 08, 2023)
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-1010005

Disclosure Date: July 15, 2019 (last updated November 27, 2024)
HexoEditor v1.1.8-beta is affected by: XSS to code execution.
0
0