Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
halo halo 1.2.0 |