CVE-2022-22125
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.
Cross-site Scripting
Vendor | Product | Version |
---|---|---|
halo | halo | 1.0.0 ≤ 𝑥 ≤ 1.4.17 |
Common Weakness Enumeration