Vulnerabilities > Halo > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-11 | CVE-2024-43793 | Cross-site Scripting vulnerability in Halo Halo is an open source website building tool. | 6.4 |
2024-09-02 | CVE-2024-43792 | Cross-site Scripting vulnerability in Halo Halo is an open source website building tool. | 6.1 |
2023-03-10 | CVE-2023-27164 | Unrestricted Upload of File with Dangerous Type vulnerability in Halo An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. | 4.8 |
2022-03-24 | CVE-2021-43659 | Cross-site Scripting vulnerability in Halo 1.4.14 In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability. | 5.4 |
2021-07-12 | CVE-2020-18982 | Cross-site Scripting vulnerability in Halo 0.4.3 Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | 5.4 |
2021-07-12 | CVE-2020-19037 | Improper Authentication vulnerability in Halo 0.4.3 Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies. | 5.3 |
2021-07-12 | CVE-2020-18979 | Cross-site Scripting vulnerability in Halo 0.4.3 Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter. | 6.1 |
2021-05-20 | CVE-2020-21345 | Cross-site Scripting vulnerability in Halo 1.1.3 Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code. | 6.1 |
2020-08-26 | CVE-2020-19007 | Cross-site Scripting vulnerability in Halo 1.2.0 Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. | 5.4 |
2019-09-25 | CVE-2019-16890 | Cross-site Scripting vulnerability in Halo 1.1.0 Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. | 5.4 |