Vulnerabilities > CVE-2022-22125 - Unspecified vulnerability in Halo

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

halo

NVD

Published: 2022-01-13

Updated: 2024-11-21

Summary

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.

Vulnerable Configurations

Part	Description	Count
Application	Halo Halo Halo 1.0.0 Halo Halo 1.0.1 Halo Halo 1.0.2 Halo Halo 1.0.3 Halo Halo 1.1.0 Halo Halo 1.1.1 Halo Halo 1.1.3 Halo Halo 1.2.0 Halo Halo 1.3.0 Halo Halo 1.3.1 Halo Halo 1.3.2 Halo Halo 1.4.0 Halo Halo 1.4.1 Halo Halo 1.4.2 Halo Halo 1.4.3 Halo Halo 1.4.4 Halo Halo 1.4.5 Halo Halo 1.4.6 Halo Halo 1.4.7 Halo Halo 1.4.8 Halo Halo 1.4.9 Halo Halo 1.4.10 Halo Halo 1.4.11 Halo Halo 1.4.12 Halo Halo 1.4.13 Halo Halo 1.4.14 Halo Halo 1.4.15 Halo Halo 1.4.16 Halo Halo 1.4.17	59

Summary

Vulnerable Configurations

References