exploitDog

GHSA-hgpr-6pp6-qx23

Опубликовано: 25 мар. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.

In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.

Ссылки

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-43659

CVSS3: 5.4

nvd

почти 4 года назад

In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79