Ejona86

**Name of the Vulnerable Software and Affected Versions** Hugo versions 0.123.0 through 0.125.3 **Description** Hugo is a static site generator where title arguments in Markdown for links and images are not escaped in internal render hooks. This issue impacts Hugo users who have these hooks enabled and do not trust their Markdown content files. The problem is resolved in version 0.125.3. **Recommendations** For Hugo versions 0.123.0 through 0.125.3, replace the templates with user-defined templates or disable the internal templates as a workaround until the issue is resolved by updating to version 0.125.3 or later.