PT-2020-21439 · Hexo · Hexo-Admin
Published: 2020-09-03 · Updated: 2020-09-03
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
hexo-admin (all versions)
Description
The issue concerns a failure to sanitize rendered markdown, which allows attackers to execute arbitrary JavaScript in a victim's browser if they can create new posts. This is a Cross-Site Scripting (XSS) issue.
Recommendations
Consider using an alternative package until a fix is made available.
XSS
Affected Products
Hexo-Admin