Filtered by vendor Halo
Subscriptions
Filtered by product Halo
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18982 | 1 Halo | 1 Halo | 2024-08-04 | 5.4 Medium |
| Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | ||||
| CVE-2021-43659 | 1 Halo | 1 Halo | 2024-08-04 | 5.4 Medium |
| In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability. | ||||
| CVE-2022-32995 | 1 Halo | 1 Halo | 2024-08-03 | 9.8 Critical |
| Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | ||||
| CVE-2022-32994 | 1 Halo | 1 Halo | 2024-08-03 | 9.8 Critical |
| Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. | ||||
| CVE-2022-26619 | 1 Halo | 1 Halo | 2024-08-03 | 7.5 High |
| Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | ||||
| CVE-2023-27164 | 1 Halo | 1 Halo | 2024-08-02 | 4.8 Medium |
| An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. | ||||