Vulnerabilities > Halo > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-24 | CVE-2021-43659 | Cross-site Scripting vulnerability in Halo 1.4.14 In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability. | 3.5 |
| 2022-01-13 | CVE-2022-22125 | Cross-site Scripting vulnerability in Halo In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. | 3.5 |
| 2021-07-12 | CVE-2020-18982 | Cross-site Scripting vulnerability in Halo 0.4.3 Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | 3.5 |
| 2020-08-26 | CVE-2020-19007 | Cross-site Scripting vulnerability in Halo 1.2.0 Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. | 3.5 |
| 2019-09-25 | CVE-2019-16890 | Cross-site Scripting vulnerability in Halo 1.1.0 Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. | 3.5 |