Vulnerabilities > Halo > Halo > 1.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-11 | CVE-2024-43793 | Cross-site Scripting vulnerability in Halo Halo is an open source website building tool. | 6.4 |
| 2024-09-02 | CVE-2024-43792 | Cross-site Scripting vulnerability in Halo Halo is an open source website building tool. | 6.1 |
| 2023-03-10 | CVE-2023-27164 | Unrestricted Upload of File with Dangerous Type vulnerability in Halo An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. | 4.8 |
| 2021-07-12 | CVE-2020-23079 | Server-Side Request Forgery (SSRF) vulnerability in Halo SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | 7.5 |
| 2019-12-26 | CVE-2019-19999 | Server-Side Request Forgery (SSRF) vulnerability in Halo Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. | 7.2 |
| 2019-09-25 | CVE-2019-16890 | Cross-site Scripting vulnerability in Halo 1.1.0 Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. | 5.4 |