GHSA-phph-xpj4-wvcv

Published: 03 Sep 2020
Source: github
Github: Reviewed

Description

Cross-Site Scripting in hexo-admin

All versions of hexo-admin are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize rendered markdown, allowing attackers to execute arbitrary JavaScript in a victim's browser if they are able to create new posts.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Packages

Name: hexo-admin (npm)
Affected versions: >= 0.0.0
Fixed version: None

Weaknesses

CWE-79
