Trengh

**Name of the Vulnerable Software and Affected Versions** moonlightL hexo-boot version 4.3.0 **Description** A problematic issue was found in the Dynamic List Page component, specifically affecting the /admin/home/index.html file. This leads to cross-site scripting and can be initiated remotely. The issue has been publicly disclosed. **Recommendations** For moonlightL hexo-boot version 4.3.0, consider restricting access to the /admin/home/index.html file until a fix is available. As a temporary workaround, avoid using the Dynamic List Page component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** moonlightL hexo-boot version 4.3.0 **Description** A problematic issue has been discovered, affecting an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the `Description` argument leads to cross-site scripting. This issue can be initiated remotely. **Recommendations** For moonlightL hexo-boot version 4.3.0, consider restricting access to the `/admin/home/index.html` endpoint until a patch is available. As a temporary workaround, avoid using the `Description` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.