then, if you now hover over the word Hallo, the '/etc/passwd' file and an alert with words “XSS to
code execution” will pop up:
Attack vector: If the victim is forced or tricked into pasting such code or open a crafted file in the markdown editor, it is possible for the attacker to steal user’s data from the computer or perform any actions on the machine on which the application running on.
As this project has inherited the Moeditor based on the information received here: Moeditor/Moeditor#156
I would like to report XSS to code execution vulnerability in HexoEditor version 1.1.8 . Please do contact me at silviavali14@gmail.com for the poc.
The text was updated successfully, but these errors were encountered: