Vulnerabilities > Halo

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-30	CVE-2020-21522	Path Traversal vulnerability in Halo 1.1.3 An issue was discovered in halo V1.1.3. network low complexity halo CWE-22 critical	9.8
2020-08-26	CVE-2020-19007	Cross-site Scripting vulnerability in Halo 1.2.0 Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. network low complexity halo CWE-79	5.4
2019-12-26	CVE-2019-19999	Server-Side Request Forgery (SSRF) vulnerability in Halo Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. network low complexity halo CWE-918	7.2
2019-09-25	CVE-2019-16890	Cross-site Scripting vulnerability in Halo 1.1.0 Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. network low complexity halo CWE-79	5.4
2018-05-12	CVE-2018-11012	Cross-site Scripting vulnerability in Halo 0.0.2 ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. network low complexity halo CWE-79	6.1
2018-05-12	CVE-2018-11011	Cross-site Scripting vulnerability in Halo 0.0.2 ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. network low complexity halo CWE-79	6.1

Vulnerabilities > Halo {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Halo"}]}