Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package hexo, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2021-25987 — CVSS 5.0 (medium): Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript…