AI Score
Confidence
High
EPSS
Percentile
24.8%
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
github.com/halo-dev/halo/issues/1522