Skip to main content

Hexo

2 CVEs product

Monthly

CVE-2023-39584 npm HIGH PATCH This Week

Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Hexo
NVD GitHub
CVSS 3.1
7.5
EPSS
32.4%
CVE-2021-25987 npm MEDIUM PATCH This Month

Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Hexo
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
EPSS 32% CVSS 7.5
HIGH PATCH This Week

Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Hexo
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Hexo
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy