CVE-2020-18979
Halo 0.4.3 is affected by a Cross-Site Scripting (XSS) vulnerability via the X-forwarded-for header parameter. The root cause is improper handling of the X-forwarded-for header that allows injection of script code, enabling client-side code execution. Exploitation details are not provided in the ...