Vulnerabilities > Halo

DATE CVE VULNERABILITY TITLE RISK
2024-09-11 CVE-2024-43793 Cross-site Scripting vulnerability in Halo
Halo is an open source website building tool.
network
low complexity
halo CWE-79
6.4
2024-09-02 CVE-2024-43792 Cross-site Scripting vulnerability in Halo
Halo is an open source website building tool.
network
low complexity
halo CWE-79
6.1
2023-03-10 CVE-2023-27164 Unrestricted Upload of File with Dangerous Type vulnerability in Halo
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.
network
low complexity
halo CWE-434
4.8
2022-06-27 CVE-2022-32994 Unrestricted Upload of File with Dangerous Type vulnerability in Halo 1.5.3
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
network
low complexity
halo CWE-434
7.5
2022-06-27 CVE-2022-32995 Server-Side Request Forgery (SSRF) vulnerability in Halo 1.5.3
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
network
low complexity
halo CWE-918
7.5
2022-04-05 CVE-2022-26619 Unrestricted Upload of File with Dangerous Type vulnerability in Halo 1.4.17
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function.
network
low complexity
halo CWE-434
5.0
2022-03-24 CVE-2021-43659 Cross-site Scripting vulnerability in Halo 1.4.14
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
network
halo CWE-79
3.5
2022-01-13 CVE-2022-22125 Cross-site Scripting vulnerability in Halo
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag.
network
halo CWE-79
3.5
2021-07-12 CVE-2020-18982 Cross-site Scripting vulnerability in Halo 0.4.3
Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.
network
halo CWE-79
3.5
2021-07-12 CVE-2020-19037 Improper Authentication vulnerability in Halo 0.4.3
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.
network
low complexity
halo CWE-287
5.0