CVE-2022-22123
Halo CMS contains a Stored XSS vulnerability affecting versions 1.0.0 through 1.4.17 (latest). The flaw is in the article title, allowing an authenticated attacker to inject arbitrary JavaScript that executes on a victim’s server. Root cause is a stored XSS in the title field; impact includes pot...