Filtered by vendor Halo
Subscribe
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19999 | 1 Halo | 1 Halo | 2020-01-08 | 6.5 MEDIUM | 7.2 HIGH |
| Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. | |||||
| CVE-2018-11011 | 1 Halo | 1 Halo | 2019-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. | |||||
| CVE-2018-11012 | 1 Halo | 1 Halo | 2019-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. | |||||
| CVE-2019-16890 | 1 Halo | 1 Halo | 2019-09-26 | 3.5 LOW | 5.4 MEDIUM |
| Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. | |||||