CVE Details
Basic Information
| Title |
CVE-2025-5010 |
| Type |
cve |
| Published |
2025-05-21T00:15:22 |
| Last Seen |
2025-05-21T00:20:40 |
CVSS Information
| Base Score |
2.4 (LOW) |
| Attack Vector |
NETWORK |
| Attack Complexity |
LOW |
| Privileges Required |
HIGH |
| User Interaction |
REQUIRED |
| Scope |
UNCHANGED |
| Confidentiality Impact |
NONE |
| Integrity Impact |
LOW |
| Availability Impact |
NONE |
AI Analysis
| AI Description |
A vulnerability in the Blog Backend of moonlightL hexo-boot 4.3.0 allows remote attackers to inject malicious scripts via the Description argument in /admin/home/index.html, leading to Cross-Site Scripting (XSS). The vulnerability can be exploited remotely, and a public exploit is available. |
| AI Severity |
Low |
| Vendor |
moonlightL |
| Product |
hexo-boot |
| Affected Version |
4.3.0 |
Additional Information
| CVE List |
CVE-2025-5010 |
| CWE List |
CWE-94, CWE-79 |
| Bulletin Family |
cve |
Description
A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: %!f(string=#) (LOW)
View Full CVE Details
