XSS - Cross Site Scripting at Hugo Static Website?

What are the xss attack vectors on a website created with hugo? Is it a danger and how is it closed?