Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
halo vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2022-26619
Halo Blog CMS v1.4.17 exists to allow malicious users to upload arbitrary files via the Attachment Upload function.
Halo Halo 1.4.17
4.3
CVSSv2
CVE-2020-18979
Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter.
Halo Halo 0.4.3
7.5
CVSSv2
CVE-2020-18980
Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.
Halo Halo 0.4.3
3.5
CVSSv2
CVE-2020-18982
Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.
Halo Halo 0.4.3
6.4
CVSSv2
CVE-2020-19038
File Deletion vulnerability in Halo 0.4.3 via delBackup.
Halo Halo 0.4.3
5
CVSSv2
CVE-2020-19037
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.
Halo Halo 0.4.3
7.5
CVSSv2
CVE-2022-32994
Halo CMS v1.5.3 exists to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
Halo Halo 1.5.3
7.5
CVSSv2
CVE-2022-32995
Halo CMS v1.5.3 exists to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
Halo Halo 1.5.3
4.3
CVSSv2
CVE-2018-11011
ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.
Halo Halo 0.0.2
4.3
CVSSv2
CVE-2020-21345
Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code.
Halo Halo 1.1.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987
buffer overflow
CVE-2024-28890
CVE-2024-27574
CVE-2024-27347
CVE-2024-31450
privilege
SSTI
CVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »