Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
halo halo vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-18979
Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter.
Halo Halo 0.4.3
3.5
CVSSv2
CVE-2020-18982
Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.
Halo Halo 0.4.3
3.5
CVSSv2
CVE-2020-19007
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.
Halo Halo 1.2.0
7.5
CVSSv2
CVE-2020-18980
Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.
Halo Halo 0.4.3
5
CVSSv2
CVE-2020-19037
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.
Halo Halo 0.4.3
4.3
CVSSv2
CVE-2020-21345
Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code.
Halo Halo 1.1.3
7.5
CVSSv2
CVE-2020-21522
An issue exists in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.
Halo Halo 1.1.3
10
CVSSv2
CVE-2020-21523
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign tes...
Halo Halo 1.1.3
4.3
CVSSv2
CVE-2018-11011
ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.
Halo Halo 0.0.2
4.3
CVSSv2
CVE-2018-11012
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.
Halo Halo 0.0.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744
privilege escalation
CVE-2024-30253
CVE-2024-3914
cross-site scripting
CVE-2024-31497
CVE-2024-3400
CVE-2024-32341
hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »