Vulnerabilities > Halo > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-11 CVE-2024-43793 Cross-site Scripting vulnerability in Halo
Halo is an open source website building tool.
network
low complexity
halo CWE-79
6.4
2024-09-02 CVE-2024-43792 Cross-site Scripting vulnerability in Halo
Halo is an open source website building tool.
network
low complexity
halo CWE-79
6.1
2023-03-10 CVE-2023-27164 Unrestricted Upload of File with Dangerous Type vulnerability in Halo
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.
network
low complexity
halo CWE-434
4.8
2022-03-24 CVE-2021-43659 Cross-site Scripting vulnerability in Halo 1.4.14
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
network
low complexity
halo CWE-79
5.4
2021-07-12 CVE-2020-18982 Cross-site Scripting vulnerability in Halo 0.4.3
Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.
network
low complexity
halo CWE-79
5.4
2021-07-12 CVE-2020-19037 Improper Authentication vulnerability in Halo 0.4.3
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.
network
low complexity
halo CWE-287
5.3
2021-07-12 CVE-2020-18979 Cross-site Scripting vulnerability in Halo 0.4.3
Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter.
network
low complexity
halo CWE-79
6.1
2021-05-20 CVE-2020-21345 Cross-site Scripting vulnerability in Halo 1.1.3
Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code.
network
low complexity
halo CWE-79
6.1
2020-08-26 CVE-2020-19007 Cross-site Scripting vulnerability in Halo 1.2.0
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments.
network
low complexity
halo CWE-79
5.4
2019-09-25 CVE-2019-16890 Cross-site Scripting vulnerability in Halo 1.1.0
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.
network
low complexity
halo CWE-79
5.4