•
MEDIUM Severity
CVE-2025-5011
Problematic vulnerability in moonlightL hexo-boot 4.3.0 leading to cross site scripting.
Overview
A problematic vulnerability has been discovered in moonlightL hexo-boot 4.3.0. This vulnerability leads to cross-site scripting, and the attack can be performed remotely. The exploit is publicly disclosed.
Technical Details
The vulnerability affects the unknown code in the /admin/home/index.html file of the Dynamic List Page component. The manipulation of these components results in cross-site scripting.
CVSS Metrics
- Base Score: 4.8
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: HIGH
- User Interaction: PASSIVE
- Vulnerability Confidentiality Impact: NONE
- Vulnerability Integrity Impact: LOW
Impact
This vulnerability may allow attackers to conduct cross site scripting which could lead to unauthorized access and data manipulation on the compromised system.
Recommendations
Users are advised to update moonlightL hexo-boot to the latest version to reduce the risk of being exploited.
Threat Metrics
- "cvss_score": 4.8
- "severity": "MEDIUM"
- "attack_vector": "NETWORK"
- "attack_complexity": "LOW"