📦 Halo

by Halo


🛡️ Security Overview


⚠️ Known Vulnerabilities

CVE-2025-44594

CRITICAL CVSS 9.1 Sep 9, 2025

This SSRF vulnerability in Halo allows attackers to make the server send arbitrary HTTP requests to internal systems. Attackers can potentially access internal services, exfiltrate data, or perform in...

CVE-2024-56156

CRITICAL CVSS 9.0 Apr 25, 2025

This vulnerability in Halo website building software allows attackers to bypass file upload validation controls. Attackers can upload malicious files like executables and HTML, leading to stored cross...

CVE-2022-32994

CRITICAL CVSS 9.8 Jun 27, 2022

Halo CMS v1.5.3 contains an arbitrary file upload vulnerability in the /api/admin/attachments/upload endpoint that allows authenticated attackers to upload malicious files. This affects all Halo CMS v...

CVE-2020-19038

CRITICAL CVSS 9.1 Jul 12, 2021

CVE-2020-19038 is a file deletion vulnerability in Halo blogging platform that allows attackers to delete arbitrary files on the server via the delBackup function. This affects Halo 0.4.3 installation...

CVE-2020-18980

CRITICAL CVSS 9.8 Jul 12, 2021

CVE-2020-18980 is a remote code execution vulnerability in Halo blogging platform version 0.4.3 that allows attackers to execute arbitrary code on affected systems by exploiting the remoteAddr and the...

CVE-2020-21524

CRITICAL CVSS 9.1 Sep 30, 2020

This XML External Entity (XXE) vulnerability in Halo v1.1.3 allows attackers to read arbitrary files, scan internal networks, and conduct denial-of-service attacks through the WordPress import functio...

CVE-2020-21526

CRITICAL CVSS 9.8 Sep 30, 2020

CVE-2020-21526 is a critical directory traversal vulnerability in Halo v1.1.3 that allows authenticated attackers to write arbitrary files to the server filesystem by bypassing path validation using t...

CVE-2020-21522

CRITICAL CVSS 9.8 Sep 30, 2020

CVE-2020-21522 is a Zip Slip directory traversal vulnerability in Halo CMS version 1.1.3 that allows attackers to overwrite critical system files through malicious archive uploads. This affects all sy...

CVE-2025-70886

HIGH CVSS 7.5 Feb 12, 2026

This vulnerability in Halo blogging software allows remote attackers to cause denial of service by sending specially crafted payloads to the public comment submission endpoint. All Halo installations ...

CVE-2025-44595

MEDIUM CVSS 6.1 Sep 9, 2025

Halo v2.20.17 and earlier contains a cross-site scripting (XSS) vulnerability in the /halo_host/archives/{name} endpoint. This allows attackers to inject malicious scripts that execute in users' brows...

CVE-2024-43793

MEDIUM CVSS 6.3 Sep 11, 2024

This Cross-Site Scripting (XSS) vulnerability in Halo versions before 2.19.0 allows attackers to inject malicious scripts into web pages viewed by users. Attackers can steal session cookies, redirect ...

CVE-2024-43792

MEDIUM CVSS 6.3 Sep 2, 2024

This Cross-Site Scripting (XSS) vulnerability in Halo website building tool allows attackers to inject and execute malicious scripts in users' browsers. All Halo installations running versions before ...

CVE-2025-15141

LOW CVSS 3.1 Dec 28, 2025

This vulnerability in Halo's Configuration Handler component allows remote attackers to access sensitive information through the /actuator endpoint. It affects Halo installations up to version 2.21.10...