Lucene search
K

8 matches found

NVD
NVD
added 2025/09/09 9:15 p.m.3 views

CVE-2025-44595

Halo v2.20.17 and before is vulnerable to Cross Site Scripting XSS in /halohost/archives/name...

6.1CVSS0.00221EPSS
Exploits0References1
OSV
OSV
added 2025/09/09 8:15 p.m.1 views

CVE-2025-44594

halo v2.20.17 and before is vulnerable to server-side request forgery SSRF in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url...

9.1CVSS7AI score
Exploits0References1
Cvelist
Cvelist
added 2025/09/09 12:0 a.m.6 views

CVE-2025-44595

Halo v2.20.17 and before is vulnerable to Cross Site Scripting XSS in /halohost/archives/name...

0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/09 12:0 a.m.9 views

CVE-2025-44594

halo v2.20.17 and before is vulnerable to server-side request forgery SSRF in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url...

0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/09 12:0 a.m.2 views

CVE-2025-44595

Halo v2.20.17 and before is vulnerable to Cross Site Scripting XSS in /halohost/archives/name...

5.6AI score0.00221EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/05 12:0 a.m.2 views

Halo 安全漏洞

Halo is a powerful and easy-to-use open source website builder from Halo Open Source. A security vulnerability exists in Halo v.2.20.18LTS and earlier versions, which stems from cross-site scripting in the reconcile method of the AttachmentReconciler class...

6.1CVSS6AI score0.00278EPSS
Exploits0References4
NVD
NVD
added 2025/05/08 9:15 a.m.21 views

CVE-2025-40846

Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites Open Redirect and inject JavaScript code to perform cross site scripting attack. The vulnerability affects Halo versions up to...

7.1CVSS0.00293EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/02 12:0 a.m.5 views

Halo 安全漏洞

Halo is a powerful and easy-to-use open source website builder from Halo Open Source. A security vulnerability exists in Halo versions prior to 2.17.0. An attacker exploited the vulnerability to execute malicious scripts in a user's browser via specific HTML and JavaScript code...

6.3CVSS6.7AI score0.00331EPSS
Exploits1References2
Rows per page
Query Builder