Vulnerabilities > Halo > Low

DATE CVE VULNERABILITY TITLE RISK
2022-03-24 CVE-2021-43659 Cross-site Scripting vulnerability in Halo 1.4.14
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
network
halo CWE-79
3.5
2022-01-13 CVE-2022-22125 Cross-site Scripting vulnerability in Halo
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag.
network
halo CWE-79
3.5
2021-07-12 CVE-2020-18982 Cross-site Scripting vulnerability in Halo 0.4.3
Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.
network
halo CWE-79
3.5
2020-08-26 CVE-2020-19007 Cross-site Scripting vulnerability in Halo 1.2.0
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments.
network
halo CWE-79
3.5
2019-09-25 CVE-2019-16890 Cross-site Scripting vulnerability in Halo 1.1.0
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.
network
halo CWE-79
3.5