Vulnerabilities > Halo > Halo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-10 | CVE-2023-27164 | Unrestricted Upload of File with Dangerous Type vulnerability in Halo An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. | 4.8 |
| 2022-06-27 | CVE-2022-32994 | Unrestricted Upload of File with Dangerous Type vulnerability in Halo 1.5.3 Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. | 7.5 |
| 2022-06-27 | CVE-2022-32995 | Server-Side Request Forgery (SSRF) vulnerability in Halo 1.5.3 Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | 7.5 |
| 2022-04-05 | CVE-2022-26619 | Unrestricted Upload of File with Dangerous Type vulnerability in Halo 1.4.17 Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | 5.0 |
| 2022-03-24 | CVE-2021-43659 | Cross-site Scripting vulnerability in Halo 1.4.14 In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability. | 3.5 |
| 2022-01-13 | CVE-2022-22125 | Cross-site Scripting vulnerability in Halo In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. | 3.5 |
| 2021-07-12 | CVE-2020-18982 | Cross-site Scripting vulnerability in Halo 0.4.3 Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | 3.5 |
| 2021-07-12 | CVE-2020-19037 | Improper Authentication vulnerability in Halo 0.4.3 Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies. | 5.0 |
| 2021-07-12 | CVE-2020-19038 | Missing Authorization vulnerability in Halo 0.4.3 File Deletion vulnerability in Halo 0.4.3 via delBackup. | 9.1 |
| 2021-07-12 | CVE-2020-23079 | Server-Side Request Forgery (SSRF) vulnerability in Halo SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | 5.0 |