Vulnerabilities > Halo > Halo > 0.4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-10 | CVE-2023-27164 | Unrestricted Upload of File with Dangerous Type vulnerability in Halo An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. | 4.8 |
2021-07-12 | CVE-2020-18982 | Cross-site Scripting vulnerability in Halo 0.4.3 Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | 3.5 |
2021-07-12 | CVE-2020-19037 | Improper Authentication vulnerability in Halo 0.4.3 Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies. | 5.0 |
2021-07-12 | CVE-2020-19038 | Missing Authorization vulnerability in Halo 0.4.3 File Deletion vulnerability in Halo 0.4.3 via delBackup. | 9.1 |
2021-07-12 | CVE-2020-23079 | Server-Side Request Forgery (SSRF) vulnerability in Halo SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | 5.0 |
2021-07-12 | CVE-2020-18979 | Cross-site Scripting vulnerability in Halo 0.4.3 Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter. | 4.3 |
2021-07-12 | CVE-2020-18980 | Unspecified vulnerability in Halo 0.4.3 Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. | 7.5 |
2019-12-26 | CVE-2019-19999 | Server-Side Request Forgery (SSRF) vulnerability in Halo Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. | 6.5 |