jaredly / hexo-admin

An Admin Interface for Hexo
http://jaredly.github.io/hexo-admin/
1.77k stars 299 forks

hexo-admin - Cross-site Scripting (XSS) - Fix: #203

Closed JamieSlome closed 10 months ago

JamieSlome commented 4 years ago

https://huntr.dev/users/mufeedvh fixed the vulnerability associated with Cross-site Scripting (XSS). This fix is being submitted on behalf of https://github.com/mufeedvh - they have been awarded $25 for fixing the vulnerability through the huntr bug bounty program. Think you could fix a vulnerability like this - get involved (https://huntr.dev).

Q | A
--- | ---
Version Affected | ALL
Bug Fix | YES
Further References | https://github.com/418sec/hexo-admin/pull/1

JamieSlome commented 4 years ago

@jaredly - any updates/thoughts on this?

jaredly commented 4 years ago

Given that this isn't meant to be "publicly hosted", XSS doesn't really apply here. I'd rather not complicate things.