2 matches found
CVE-2022-22124 Halo CMS - Stored Cross-Site Scripting (XSS) in Profile Image
In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser...
CVE-2022-22124
CVE-2022-22124 concerns Halo CMS, affected versions v1.0.0–v1.4.17. The vulnerability is a stored cross-site scripting (XSS) in the profile image, where an authenticated attacker can upload a crafted SVG file that triggers arbitrary JavaScript in a victim’s browser. The described impact is client...