Vulnerabilities > Halo > Halo > 1.4.17

DATE CVE VULNERABILITY TITLE RISK
2023-03-10 CVE-2023-27164 Unrestricted Upload of File with Dangerous Type vulnerability in Halo
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.
network
low complexity
halo CWE-434
4.8
4.8
2022-04-05 CVE-2022-26619 Unrestricted Upload of File with Dangerous Type vulnerability in Halo 1.4.17
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function.
network
low complexity
halo CWE-434
5.0
5.0
2022-01-13 CVE-2022-22125 Cross-site Scripting vulnerability in Halo
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag.
network
halo CWE-79
3.5
3.5