Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hugo does not escape some attributes in internal templates
Vulnerability Description
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are using one or more of these templates: `_default/_markup/render-link.html` from `v0.123.0`; `_default/_markup/render-image.html` from `v0.123.0`; `_default/_markup/render-table.html` from `v0.134.0`; and/or `shortcodes/youtube.html` from `v0.125.0`. This issue is patched in v0.139.4. As a workaround, one may replace an affected component with user defined templates or disable the internal templates.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Hugo 跨站脚本漏洞
Vulnerability Description
Hugo是Gohugoio社区的一款基于Go语言用于快速生成静态站点的框架。 Hugo 0.123.0至0.139.4之前版本存在跨站脚本漏洞,该漏洞源于某些Markdown中的HTML属性在内部渲染hooks中转义不当。
CVSS Information
N/A
Vulnerability Type
N/A