CVE-2025-5011

A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/trengh222/hexo-boot-xss2.0 Exploit
https://vuldb.com/?ctiid.309664 Permissions Required VDB Entry
https://vuldb.com/?id.309664 Third Party Advisory VDB Entry
https://vuldb.com/?submit.580588 Third Party Advisory VDB Entry
https://github.com/trengh222/hexo-boot-xss2.0 Exploit
Configurations

Configuration 1 (hide)

cpe:2.3:a:moonlightl:hexo-boot:4.3.0:*:*:*:*:*:*:*

History

17 Jun 2025, 14:11

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-21 00:15

Updated : 2025-06-17 14:11


NVD link : CVE-2025-5011

Mitre link : CVE-2025-5011

CVE.ORG link : CVE-2025-5011


JSON object : View

Products Affected

moonlightl

  • hexo-boot
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94

Improper Control of Generation of Code ('Code Injection')