2 matches found
CVE-2025-51857
The CVE-2025-51857 entry concerns Halo (AttachmentReconciler, reconcile method) with cross-site scripting (XSS) vulnerability in Halo v2.20.18LTS and earlier. Affected component is the AttachmentReconciler class’s reconcile method; the root cause is XSS exposure in this flow. Impact details in av...
Halo 跨站脚本漏洞
Halo is a personal blogging system for individual developers. Halo suffers from a cross-site scripting vulnerability that stems from a cross-site scripting XSS vulnerability via the X-forwarded-for Header parameter in Halo 0.4.3. An attacker could exploit the vulnerability to execute client-side...