Halo is a personal blogging system for individual developers. Halo versions v1.0.0 through v1.4.17 (latest) are vulnerable to stored cross-site scripting (XSS) in profile images: an attacker can upload a crafted SVG file that triggers arbitrary JavaScript to run in the victim's browser.
CPE | Name | Operator | Version |
---|---|---|---|
Halo Halo >=1.0.0, | le | 1.4.17 |
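
One way a defender could screen SVG profile-image uploads for the active content described above, as an added example (not Halo's code or its fix): a strict allowlist check built on Python's standard `xml.parsers.expat`. The function name, the allowlists and the sample inputs are assumptions constructed for illustration.

```python
import xml.parsers.expat as expat

SVG_NS = "http://www.w3.org/2000/svg"
# Assumed allowlists of static drawing markup; extend them to what your avatars need.
ALLOWED_ELEMENTS = {"svg", "g", "path", "rect", "circle", "ellipse", "line",
                    "polyline", "polygon", "title", "desc"}
ALLOWED_ATTRS = {"id", "d", "x", "y", "x1", "y1", "x2", "y2", "cx", "cy", "r",
                 "rx", "ry", "width", "height", "viewBox", "points", "fill",
                 "stroke", "stroke-width", "opacity", "transform", "version"}

class Rejected(Exception):
    """Raised from a parser callback to stop parsing at once."""

def check_svg_upload(data):
    """Return a list of reasons to reject the upload; empty means it passed."""
    problems = []

    def forbid(what):
        def handler(*_args):
            raise Rejected(what + " not allowed")
        return handler

    def on_start(name, attrs):
        # With namespace processing on, expat reports names as "<namespace> <local>".
        ns, _, local = name.rpartition(" ")
        if ns != SVG_NS or local not in ALLOWED_ELEMENTS:
            problems.append("element not allowed: " + local)
        for attr in attrs:  # on* handlers, href, xlink:href and style are not listed
            if attr not in ALLOWED_ATTRS:
                problems.append("attribute not allowed: %s on %s"
                                % (attr.rpartition(" ")[2], local))

    parser = expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = forbid("DOCTYPE")  # blocks entity tricks
    parser.ProcessingInstructionHandler = forbid("processing instruction")
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except Rejected as exc:
        problems.append(str(exc))
    except expat.ExpatError as exc:
        problems.append("not well-formed XML: %s" % exc)
    return problems

# Constructed sample uploads (not taken from the advisory).
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4" fill="teal"/></svg>'
ACTIVE = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><script>alert(1)</script></svg>'
WITH_DTD = b'<!DOCTYPE svg [<!ENTITY a "b">]><svg xmlns="http://www.w3.org/2000/svg"/>'

if __name__ == "__main__":
    for sample in (BENIGN, ACTIVE, WITH_DTD):
        print(check_svg_upload(sample))
```

The allowlist fails closed: any element, attribute or namespace it does not recognise is a rejection reason, so new kinds of active markup do not need to be anticipated one by one.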