AI Score: 5.7 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 24.8%)
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The JavaScript code supplied by the attacker will then execute in the victim user's browser.
github.com/halo-dev/halo/issues/547