Halo is a personal blogging system for individual developers. Halo has a cross-site scripting vulnerability that originates in Halo, v1.0.0 to v1.4.17 (latest) versions are vulnerable to cross-site scripting (XSS) attacks stored in article headers, which can be exploited by attackers to inject arbitrary javascript code that will be executed on the victim’s server.
CPE | Name | Operator | Version |
---|---|---|---|
Halo Halo >=1.0.0, | le | 1.4.17 |