Vulnerability Details CVE-2019-17606
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://github.com/jaredly/hexo-admin/commits/master
- https://mega.nz/#%218MYnUQzC%21ZCqixrGyHdBhimCmrszSXdFmI2feImhuZZMcnplNBQQ
- https://www.npmjs.com/advisories
- https://www.npmjs.com/advisories/1211
- https://github.com/jaredly/hexo-admin/commits/master
- https://mega.nz/#%218MYnUQzC%21ZCqixrGyHdBhimCmrszSXdFmI2feImhuZZMcnplNBQQ
- https://www.npmjs.com/advisories
- https://www.npmjs.com/advisories/1211
Products affected by CVE-2019-17606
-
cpe:2.3:a:hexo-admin_project:hexo-admin:-
-
cpe:2.3:a:hexo-admin_project:hexo-admin:0.0.0
-
cpe:2.3:a:hexo-admin_project:hexo-admin:0.1.2
-
cpe:2.3:a:hexo-admin_project:hexo-admin:0.1.3
-
cpe:2.3:a:hexo-admin_project:hexo-admin:0.2.0
-
cpe:2.3:a:hexo-admin_project:hexo-admin:0.3.0
-
cpe:2.3:a:hexo-admin_project:hexo-admin:1.0.0
-
cpe:2.3:a:hexo-admin_project:hexo-admin:1.1.0
-
cpe:2.3:a:hexo-admin_project:hexo-admin:1.1.2
-
cpe:2.3:a:hexo-admin_project:hexo-admin:2.0.0
-
cpe:2.3:a:hexo-admin_project:hexo-admin:2.0.1
-
cpe:2.3:a:hexo-admin_project:hexo-admin:2.1.0
-
cpe:2.3:a:hexo-admin_project:hexo-admin:2.2.0
-
cpe:2.3:a:hexo-admin_project:hexo-admin:2.2.1
-
cpe:2.3:a:hexo-admin_project:hexo-admin:2.3.0