Halo@* Security Vulnerabilities and Issues — Halo@* CVE List

Lucene search

Fit2cloudHalo*

2 matches found

CVE•added 2022/01/13 5:15 p.m.•63 views

CVE-2022-22124

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser.

5.4CVSS5.2AI score0.00263EPSS

CVE•added 2022/01/13 5:15 p.m.•57 views

CVE-2022-22123

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server.

5.4CVSS5.2AI score0.00224EPSS