4 matches found
CVE-2021-43659
creationtimestamp| type| source ---|---|--- 2022-03-24 17:29:38+00:00| seen| https://t.me/cibsecurity/39491...
CVE-2021-43659
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability...
CVE-2021-43659
CVE-2021-43659 affects Halo 1.4.14, where the avatar upload handler accepts arbitrary files (e.g., HTML), enabling a stored cross‑site scripting (XSS) vulnerability. The issue stems from the avatar upload point and can be triggered by uploading non-image HTML content. Several connected reports de...
CVE-2021-43659
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability...