PT-2024-21171 · Unknown · Hexo-Theme-Anzhiyu

Fatboyer · Published 2024-03-02 · Updated 2025-03-29 · CVE-2024-25865

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: hexo-theme-anzhiyu version 1.6.12

Description: The issue is a Cross Site Scripting (XSS) vulnerability that allows remote attackers to execute arbitrary code via the algolia search function.

Recommendations: For hexo-theme-anzhiyu version 1.6.12, consider disabling the algolia search function until a patch is available. Restrict access to the algolia search module to minimize the risk of exploitation. Avoid using the algolia search function in the affected version until the issue is resolved.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2024-25865
GHSA-82JF-8F24-XQ9M

Affected Products

Hexo-Theme-Anzhiyu