Vulnerabilities (CVE)

Filtered by vendor Halo
Filtered by product Halo
Total 24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2019-19999 | 1 Halo | 1 Halo | 2020-01-08 | 6.5 MEDIUM | 7.2 HIGH | Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. |
| CVE-2018-11011 | 1 Halo | 1 Halo | 2019-10-04 | 4.3 MEDIUM | 6.1 MEDIUM | ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. |
| CVE-2018-11012 | 1 Halo | 1 Halo | 2019-10-04 | 4.3 MEDIUM | 6.1 MEDIUM | ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. |
| CVE-2019-16890 | 1 Halo | 1 Halo | 2019-09-26 | 3.5 LOW | 5.4 MEDIUM | Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. |