Halo is a personal blogging system for individual developers. Halo suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in the WEB application, which could be exploited by attackers to execute client-side code.