Vulnerabilities > Halo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-12 | CVE-2020-23079 | Server-Side Request Forgery (SSRF) vulnerability in Halo SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | 7.5 |
2021-07-12 | CVE-2020-18979 | Cross-site Scripting vulnerability in Halo 0.4.3 Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter. | 6.1 |
2021-07-12 | CVE-2020-18980 | Unspecified vulnerability in Halo 0.4.3 Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. | 9.8 |
2021-05-20 | CVE-2020-21345 | Cross-site Scripting vulnerability in Halo 1.1.3 Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code. | 6.1 |
2020-09-30 | CVE-2020-21527 | Path Traversal vulnerability in Halo 1.1.3 There is an Arbitrary file deletion vulnerability in halo v1.1.3. | 7.7 |
2020-09-30 | CVE-2020-21526 | Path Traversal vulnerability in Halo 1.1.3 An Arbitrary file writing vulnerability in halo v1.1.3. | 9.8 |
2020-09-30 | CVE-2020-21525 | Path Traversal vulnerability in Halo 1.1.3 Halo V1.1.3 is affected by: Arbitrary File reading. | 7.5 |
2020-09-30 | CVE-2020-21524 | XXE vulnerability in Halo 1.1.3 There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not used for security defense, This vulnerability can detect the intranet, read files, enable ddos attacks, etc. | 9.1 |
2020-09-30 | CVE-2020-21523 | Injection vulnerability in Halo 1.1.3 A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. | 9.8 |
2020-09-30 | CVE-2020-21522 | Path Traversal vulnerability in Halo 1.1.3 An issue was discovered in halo V1.1.3. | 9.8 |