Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hexo hexo vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-39584
Hexo up to v7.0.0 (RC2) exists to contain an arbitrary file read vulnerability.
Hexo Hexo 7.0.0
Hexo Hexo
4.6
CVSSv3
CVE-2021-25987
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.
Hexo Hexo
6.1
CVSSv3
CVE-2019-17606
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and previous versions for Node.js is vulnerable to stored XSS via the content of a post.
Hexo-admin Project Hexo-admin
NA
CVE-2023-47435
An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows malicious users to bypass authentication and access password protected pages.
NA
CVE-2024-25865
Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12, allows remote malicious users to execute arbitrary code via the algolia search function.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started