NodeJS/hexo/1.0.9
A fast, simple & powerful blog framework, powered by Node.js.
https://www.npmjs.com/package/hexo
MIT
1 Security Vulnerabilities
Hexo Vulnerable to XSS
Published date: 2021-12-01T18:27:44Z
CVE: CVE-2021-25987
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-25987
- https://github.com/hexojs/hexo/commit/5170df2d3fa9c69e855c4b7c2b084ebfd92d5200
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25987
- https://github.com/advisories/GHSA-q54r-r9pr-w7qv
- https://github.com/hexojs/hexo/issues/4838
- https://github.com/hexojs/hexo/pull/4750
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.
Affected versions:
["0.0.1", "0.0.2", "0.0.3", "0.0.4", "0.0.5", "0.0.6", "0.1.0", "0.1.1", "0.1.2", "0.1.3", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.1.10", "0.1.11", "0.2.0", "0.2.1", "0.3.0", "0.3.1", "0.3.2", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.4.4", "0.4.5", "0.5.0", "0.5.1", "0.5.2", "0.5.3", "0.5.4", "0.5.5", "0.5.6", "0.5.7", "0.5.8", "0.5.9", "0.5.10", "0.5.11", "0.5.12", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.0.6", "1.0.7", "1.0.8", "1.0.9", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "2.0.0-beta2", "2.0.0-rc1", "2.0.0-rc2", "2.0.0-beta1", "2.0.0-rc3", "2.0.0", "2.0.1", "2.0.2", "2.0.3", "2.0.4", "2.0.5", "2.0.6", "2.0.7", "2.1.0", "2.1.1", "2.2.0", "2.2.1", "2.3.0", "2.4.0", "2.4.1", "2.4.2", "2.4.3", "2.4.4", "2.4.5", "2.5.1", "2.5.2", "2.5.3", "2.5.4", "2.5.5", "2.5.6", "2.5.7", "2.6.0", "2.6.1", "2.6.2", "2.6.3", "2.7.0", "2.7.1", "2.8.0", "2.8.1", "2.8.2", "2.8.3", "3.0.0-beta.1", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.4", "3.0.0-rc.1", "3.0.0-rc.2", "3.0.0-rc.3", "3.0.0-rc.4", "3.0.0", "3.0.1", "3.1.0", "3.1.1", "3.2.0-beta.1", "3.2.0-beta.2", "3.2.0", "3.2.1", "3.2.2", "3.3.0", "3.3.1", "3.3.5", "3.3.7", "3.3.8", "3.3.9", "3.4.0", "3.4.1", "3.4.2", "3.4.3", "3.4.4", "3.5.0", "3.6.0", "3.7.0", "3.7.1", "3.8.0", "3.9.0", "4.0.0", "4.1.0", "4.1.1", "4.2.0", "4.2.1", "5.0.0", "5.0.1", "5.0.2", "5.1.0", "5.1.1", "5.2.0", "5.3.0", "5.4.0"]
Secure versions:
[6.0.0, 5.4.1, 6.1.0, 5.4.2, 6.2.0, 6.3.0, 7.0.0-rc1, 7.0.0-rc2, 7.0.0, 7.1.0, 7.1.1, 7.2.0]
Recommendation:
Update to version 7.2.0.
162 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
1.2.4 | MIT | 1 | 2013-06-24 - 03:03 | almost 11 years |
1.2.3 | MIT | 1 | 2013-06-03 - 15:33 | about 11 years |
1.2.2 | MIT | 1 | 2013-06-02 - 16:52 | about 11 years |
1.2.1 | MIT | 1 | 2013-06-01 - 16:46 | about 11 years |
1.2.0 | MIT | 1 | 2013-06-01 - 10:07 | about 11 years |
1.1.4 | MIT | 1 | 2013-05-28 - 16:47 | about 11 years |
1.1.3 | MIT | 1 | 2013-04-27 - 15:24 | about 11 years |
1.1.2 | MIT | 1 | 2013-04-06 - 14:58 | about 11 years |
1.1.1 | MIT | 1 | 2013-04-04 - 07:40 | about 11 years |
1.1.0 | MIT | 1 | 2013-04-04 - 07:03 | about 11 years |
1.0.9 | MIT | 1 | 2013-03-29 - 15:43 | about 11 years |
1.0.8 | MIT | 1 | 2013-03-28 - 14:29 | about 11 years |
1.0.7 | MIT | 1 | 2013-03-20 - 14:34 | about 11 years |
1.0.6 | MIT | 1 | 2013-03-10 - 14:35 | over 11 years |
1.0.5 | MIT | 1 | 2013-03-10 - 10:39 | over 11 years |
1.0.4 | MIT | 1 | 2013-03-03 - 14:44 | over 11 years |
1.0.3 | MIT | 1 | 2013-03-03 - 06:13 | over 11 years |
1.0.2 | MIT | 1 | 2013-03-02 - 17:17 | over 11 years |
1.0.1 | MIT | 1 | 2013-03-02 - 11:18 | over 11 years |
1.0.0 | MIT | 1 | 2013-03-02 - 09:51 | over 11 years |
0.5.12 | MIT | 1 | 2013-02-20 - 15:42 | over 11 years |
0.5.11 | MIT | 1 | 2013-02-07 - 02:13 | over 11 years |
0.5.10 | MIT | 1 | 2013-02-01 - 13:56 | over 11 years |
0.5.9 | MIT | 1 | 2013-01-30 - 02:27 | over 11 years |
0.5.8 | MIT | 1 | 2013-01-22 - 15:15 | over 11 years |
0.5.7 | MIT | 1 | 2013-01-19 - 16:59 | over 11 years |
0.5.6 | MIT | 1 | 2013-01-19 - 13:33 | over 11 years |
0.5.5 | MIT | 1 | 2013-01-18 - 14:03 | over 11 years |
0.5.4 | MIT | 1 | 2013-01-17 - 08:42 | over 11 years |
0.5.3 | MIT | 1 | 2013-01-16 - 04:56 | over 11 years |
0.5.2 | MIT | 1 | 2013-01-15 - 09:49 | over 11 years |
0.5.1 | MIT | 1 | 2013-01-13 - 09:11 | over 11 years |
0.5.0 | MIT | 1 | 2013-01-12 - 17:06 | over 11 years |
0.4.5 | MIT | 1 | 2013-01-07 - 09:29 | over 11 years |
0.4.4 | MIT | 1 | 2013-01-07 - 09:17 | over 11 years |
0.4.3 | MIT | 1 | 2013-01-07 - 04:19 | over 11 years |
0.4.2 | MIT | 1 | 2013-01-07 - 03:28 | over 11 years |
0.4.1 | MIT | 1 | 2013-01-06 - 16:13 | over 11 years |
0.4.0 | MIT | 1 | 2013-01-06 - 14:36 | over 11 years |
0.3.2 | MIT | 1 | 2012-12-27 - 05:34 | over 11 years |
0.3.1 | MIT | 1 | 2012-12-20 - 10:42 | over 11 years |
0.3.0 | MIT | 1 | 2012-12-20 - 09:54 | over 11 years |
0.2.1 | MIT | 1 | 2012-12-16 - 05:40 | over 11 years |
0.2.0 | MIT | 1 | 2012-12-16 - 03:10 | over 11 years |
0.1.11 | MIT | 1 | 2012-12-07 - 12:51 | over 11 years |
0.1.10 | MIT | 1 | 2012-12-07 - 10:25 | over 11 years |
0.1.9 | MIT | 1 | 2012-12-06 - 16:10 | over 11 years |
0.1.8 | MIT | 1 | 2012-12-06 - 11:40 | over 11 years |
0.1.7 | MIT | 1 | 2012-12-02 - 09:47 | over 11 years |
0.1.6 | MIT | 1 | 2012-11-18 - 09:43 | over 11 years |
0.1.5 | MIT | 1 | 2012-11-15 - 13:25 | over 11 years |
0.1.4 | MIT | 1 | 2012-11-11 - 15:54 | over 11 years |
0.1.3 | MIT | 1 | 2012-11-05 - 10:56 | over 11 years |
0.1.2 | MIT | 1 | 2012-11-04 - 11:18 | over 11 years |
0.1.1 | MIT | 1 | 2012-10-30 - 17:16 | over 11 years |
0.1.0 | MIT | 1 | 2012-10-28 - 15:29 | over 11 years |
0.0.6 | MIT | 1 | 2012-10-12 - 10:00 | over 11 years |
0.0.5 | MIT | 1 | 2012-10-11 - 07:17 | over 11 years |
0.0.4 | MIT | 1 | 2012-10-10 - 15:22 | over 11 years |
0.0.3 | MIT | 1 | 2012-10-10 - 02:11 | over 11 years |
0.0.2 | MIT | 1 | 2012-10-09 - 16:42 | over 11 years |
0.0.1 | MIT | 1 | 2012-10-07 - 10:07 | over 11 years |