Vulnerabilities > Halo

DATE CVE VULNERABILITY TITLE RISK
2022-04-05 CVE-2022-26619 Unrestricted Upload of File with Dangerous Type vulnerability in Halo 1.4.17
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function.
network
low complexity
halo CWE-434
5.0
2022-03-24 CVE-2021-43659 Cross-site Scripting vulnerability in Halo 1.4.14
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
network
halo CWE-79
3.5
2022-01-13 CVE-2022-22125 Cross-site Scripting vulnerability in Halo
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag.
network
halo CWE-79
3.5
2021-07-12 CVE-2020-18982 Cross-site Scripting vulnerability in Halo 0.4.3
Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.
network
halo CWE-79
3.5
2021-07-12 CVE-2020-19037 Improper Authentication vulnerability in Halo 0.4.3
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.
network
low complexity
halo CWE-287
5.0
2021-07-12 CVE-2020-19038 Missing Authorization vulnerability in Halo 0.4.3
File Deletion vulnerability in Halo 0.4.3 via delBackup.
network
low complexity
halo CWE-862
6.4
2021-07-12 CVE-2020-23079 Server-Side Request Forgery (SSRF) vulnerability in Halo
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet.
network
low complexity
halo CWE-918
5.0
2021-07-12 CVE-2020-18979 Cross-site Scripting vulnerability in Halo 0.4.3
Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter.
network
halo CWE-79
4.3
2021-07-12 CVE-2020-18980 Unspecified vulnerability in Halo 0.4.3
Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.
network
low complexity
halo
7.5
2021-05-20 CVE-2020-21345 Cross-site Scripting vulnerability in Halo 1.1.3
Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code.
network
halo CWE-79
4.3