CVE-2024-43792

6.3 MEDIUM

📋 TL;DR

This Cross-Site Scripting (XSS) vulnerability in Halo website building tool allows attackers to inject and execute malicious scripts in users' browsers. All Halo installations running versions before 2.17.0 are affected. The vulnerability could lead to session hijacking, data theft, or website defacement.

💻 Affected Systems

Products:
  • Halo
Versions: All versions prior to 2.17.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Halo deployments using vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker steals administrator credentials, takes full control of the Halo instance, defaces websites, or installs backdoors for persistent access.

🟠 Likely Case

Attacker steals user session cookies, performs actions as authenticated users, or redirects visitors to malicious sites.

🟢 If Mitigated

Limited impact with proper Content Security Policy (CSP) headers and input validation, though the vulnerability still exists.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity once the specific injection vector is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.17.0+

Vendor Advisory: https://github.com/halo-dev/halo/security/advisories/GHSA-x3rj-3x75-vw4g

Restart Required: Yes

Instructions:

1. Backup your Halo database and configuration
2. Stop the Halo service
3. Update to version 2.17.0 or later using your package manager or deployment method
4. Restart the Halo service
5. Verify the update was successful

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to limit script execution
  • Deploy a Web Application Firewall (WAF) with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check the Halo version in the admin panel or via the /actuator/info API endpoint

Check Version:

curl -s http://your-halo-instance/actuator/info | grep -o '"version":"[^"]*"'

Verify Fix Applied:

Confirm the version is 2.17.0 or higher in the admin panel

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests containing script tags or JavaScript code
  • Multiple failed login attempts from unexpected locations after XSS payload delivery

Network Indicators:

  • Outbound connections to suspicious domains from Halo server
  • Unexpected redirects from Halo pages

SIEM Query:

source="halo-access.log" AND ("<script" OR "javascript:" OR "onerror=" OR "onload=")
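The SIEM query above matches literal strings only, so a request whose payload is percent-encoded in the access log would be missed. The following added Python example (written for this page, not code from the Halo project) applies the same four indicators to constructed access-log lines after decoding the request path; it assumes the log is in Combined Log Format.

```python
import re
from urllib.parse import unquote

# The same indicators as the SIEM query above; matching happens after decoding.
XSS_INDICATORS = ("<script", "javascript:", "onerror=", "onload=")

# Combined Log Format: client ident user [timestamp] "METHOD path HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)

def decode_fully(s, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (payloads are often double-encoded)."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def find_xss_indicators(line):
    """Return a dict with client, raw request and matched indicators, or None if no match."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a parseable access-log line
    req = m.group("req")
    decoded = decode_fully(req).lower()
    hits = [ind for ind in XSS_INDICATORS if ind in decoded]
    if not hits:
        return None
    return {"client": m.group("client"), "request": req, "indicators": hits}

def scan(lines):
    """Run the check over an iterable of log lines and return only the hits."""
    return [hit for hit in (find_xss_indicators(l) for l in lines) if hit]

# Constructed sample lines (not real Halo traffic). Lines 2 and 4 carry encoded
# payloads that a literal match on the raw line would not catch.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Sep/2024:10:00:01 +0000] "GET /archives/first-post HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Sep/2024:10:00:02 +0000] "GET /search?keyword=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Sep/2024:10:00:03 +0000] "POST /comments HTTP/1.1" 201 310',
    '198.51.100.7 - - [10/Sep/2024:10:00:04 +0000] "GET /?q=%2522%2520onerror%253Dalert(1) HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Pipe a real log through `scan()` line by line; a hit is a lead to review, not proof of successful exploitation, since the response status and the page behaviour still need checking.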
