CVE-2025-44595
Halo v2.20.17 and earlier is vulnerable to cross-site scripting (XSS) in /halohost/archives/name...
CVE-2025-44594
Halo v2.20.17 and earlier is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url...
Halo security vulnerability
Halo is a powerful and easy-to-use open source website builder from Halo Open Source. A security vulnerability exists in Halo v.2.20.18LTS and earlier versions, which stems from cross-site scripting in the reconcile method of the AttachmentReconciler class...
CVE-2025-40846
Improper input validation: the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (open redirect) and inject JavaScript code to perform a cross-site scripting attack. The vulnerability affects Halo versions up to...
Halo security vulnerability
Halo is a powerful and easy-to-use open source website builder from Halo Open Source. A security vulnerability exists in Halo versions prior to 2.17.0. An attacker exploited the vulnerability to execute malicious scripts in a user's browser via specific HTML and JavaScript code...