2 matches found
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
CVE-2019-16890
CVE-2019-16890 affects Halo 1.1.0 with a stored/reflective XSS via a crafted authorUrl in JSON data sent to api/content/posts/comments. The root cause is unvalidated input in the JSON path used for comments, enabling script injection. Documented impact is user-visible XSS; baseline CVSS includes ...