Vulnerabilities > Halo > Halo > 1.4.6

DATE CVE VULNERABILITY TITLE RISK
2023-03-10 CVE-2023-27164 Unrestricted Upload of File with Dangerous Type vulnerability in Halo
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.
network
low complexity
halo CWE-434
4.8
2022-01-13 CVE-2022-22125 Cross-site Scripting vulnerability in Halo
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag.
network
halo CWE-79
3.5