Vulnerabilities > Halo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-25 | CVE-2019-16890 | Cross-site Scripting vulnerability in Halo 1.1.0 Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. | 5.4 |
| 2018-05-12 | CVE-2018-11012 | Cross-site Scripting vulnerability in Halo 0.0.2 ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. | 6.1 |
| 2018-05-12 | CVE-2018-11011 | Cross-site Scripting vulnerability in Halo 0.0.2 ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. | 6.1 |