hexojs/hexo

Releases162

Frequency1 month 9 hours

Last Release about 2 months ago

Stars41.8K

A fast, simple & powerful blog framework, powered by Node.js.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-39584 ↗	Sep 8, 2023Friday, 8 September 2023, 13:15	7.5 HIGH	—
Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.
CVE-2021-25987 ↗	Nov 30, 2021Tuesday, 30 November 2021, 14:15	5 MEDIUM	1.9 LOW
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.