CVE Details
Basic Information
| Title |
CVE-2025-5011 |
| Type |
cve |
| Published |
2025-05-21T00:15:22 |
| Last Seen |
2025-05-21T00:20:40 |
CVSS Information
| Base Score |
2.4 (LOW) |
| Attack Vector |
NETWORK |
| Attack Complexity |
LOW |
| Privileges Required |
HIGH |
| User Interaction |
REQUIRED |
| Scope |
UNCHANGED |
| Confidentiality Impact |
NONE |
| Integrity Impact |
LOW |
| Availability Impact |
NONE |
AI Analysis
| AI Description |
A vulnerability in moonlightL hexo-boot 4.3.0 allows remote attackers to perform cross-site scripting (XSS) attacks via the /admin/home/index.html file. The vulnerability is due to insufficient input validation, which can be exploited by an attacker with high privileges. The impact is limited to integrity, with no effect on confidentiality or availability. |
| AI Severity |
Low |
| Vendor |
moonlightL |
| Product |
hexo-boot |
| Affected Version |
4.3.0 |
Additional Information
| CVE List |
CVE-2025-5011 |
| CWE List |
CWE-94, CWE-79 |
| Bulletin Family |
cve |
Description
A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: %!f(string=#) (LOW)
View Full CVE Details
