Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
halo vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2019-19999
Halo prior to 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
Halo Halo
Halo Halo 1.1.3
Halo Halo 1.2.0
312
VMScore
CVE-2022-22125
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.
Halo Halo
445
VMScore
CVE-2020-23079
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet.
Halo Halo
NA
CVE-2023-27164
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows malicious users to execute arbitrary code via a crafted .md file.
Halo Halo
570
VMScore
CVE-2020-19038
File Deletion vulnerability in Halo 0.4.3 via delBackup.
Halo Halo 0.4.3
668
VMScore
CVE-2022-32994
Halo CMS v1.5.3 exists to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
Halo Halo 1.5.3
668
VMScore
CVE-2022-32995
Halo CMS v1.5.3 exists to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
Halo Halo 1.5.3
312
VMScore
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.
Halo Halo 1.1.0
445
VMScore
CVE-2022-26619
Halo Blog CMS v1.4.17 exists to allow malicious users to upload arbitrary files via the Attachment Upload function.
Halo Halo 1.4.17
383
VMScore
CVE-2020-21345
Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code.
Halo Halo 1.1.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3012
CVE-2024-30200
XXE
CVE-2023-24955
CVE-2023-42931
CVE-2024-29231
remote code execution
cross-site scripting
CVE-2024-0677
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »