exploitDog

GHSA-3g85-r6x7-j7mx

Опубликовано: 14 янв. 2022

Источник: github

Github: Не прошло ревью

Описание

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.

Ссылки

EPSS

Процентиль: 61%

0.00419

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-22125

CVSS3: 4.8

nvd

около 4 лет назад

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.

EPSS

Процентиль: 61%

0.00419

Низкий

CVE ID

Дефекты

CWE-79