Описание
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.
EPSS
Процентиль: 41%
0.00191
Низкий
CVE ID
Связанные уязвимости
CVSS3: 5.4
nvd
больше 5 лет назад
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.
EPSS
Процентиль: 41%
0.00191
Низкий