Vulnerabilities > Halo > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-05-12 CVE-2018-11012 Cross-site Scripting vulnerability in Halo 0.0.2
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.
network
low complexity
halo CWE-79
6.1
2018-05-12 CVE-2018-11011 Cross-site Scripting vulnerability in Halo 0.0.2
ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.
network
low complexity
halo CWE-79
6.1