RSS   Vulnerabilities for 'HALO'   RSS

2022-04-05
 
CVE-2022-26619

CWE-434
 

 
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function.

 
2022-03-24
 
CVE-2021-43659

CWE-79
 

 
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.

 
2022-01-13
 
CVE-2022-22125

CWE-79
 

 
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim�??s server.

 
2021-07-12
 
CVE-2020-18982

CWE-79
 

 
Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.

 
 
CVE-2020-19037

CWE-287
 

 
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.

 
 
CVE-2020-19038

CWE-862
 

 
File Deletion vulnerability in Halo 0.4.3 via delBackup.

 
 
CVE-2020-23079

CWE-918
 

 
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet.

 
 
CVE-2020-18979

CWE-79
 

 
Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter.

 
 
CVE-2020-18980

NVD-CWE-noinfo
 

 
Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.

 
2021-05-20
 
CVE-2020-21345

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code.

 


Copyright 2024, cxsecurity.com

 

Back to Top