Cross site scripting

2022-03-2414:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.8%

JSON

In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.

CPENameOperatorVersion
haloeq1.4.14

CPE	Name	Operator	Version
	halo	eq	1.4.14

References

github.com/halo-dev/halo/issues/1522