ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.
halo halo 0.0.2