3 matches found
CVE-2018-11012
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java...
CVE-2018-11012
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java...
CVE-2018-11012
ruibaby Halo 0.0.2 has a stored cross-site scripting vulnerability in which unsanitized input from loginName/loginPwd during a failed login to AdminController.java can be persisted and later executed in victims’ browsers. Public records list CVSS2 base 4.3 (MEDIUM) and CVSS3 base 6.1 (MEDIUM); no...