2 matches found
PT-2025-31954 · Halo · Halo
Name of the Vulnerable Software and Affected Versions: Halo versions prior to 2.20.18LTS Description: The reconcile method within the AttachmentReconciler class is susceptible to Cross-Site Scripting XSS attacks. Recommendations: Update to a version of Halo later than 2.20.18LTS...
PT-2023-20983 · Halo · Halo
Name of the Vulnerable Software and Affected Versions: Halo versions up to 1.6.1 Description: The issue allows attackers to execute arbitrary code via a crafted .md file due to an arbitrary file upload vulnerability. Recommendations: For versions up to 1.6.1, update to a version later than 1.6.1 ...