NotCVE - vendor:"Halo" product:"Halo" version:" <= 1.1.1"

Page 3 of 16 results (0.002 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-18980

https://notcve.org/view.php?id=CVE-2020-18980

Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. Una vulnerabilidad de Ejecución de Código Remota en Halo versión 0.4.3, por medio de los parámetros remoteAddr y themeName • https://github.com/halo-dev/halo/issues/134 •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-18979

https://notcve.org/view.php?id=CVE-2020-18979

Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter. Una vulnerabilidad de tipo Cross Siste Scripting (XSS) en Halo versión 0.4.3, por medio del parámetro X-forwarded-for Header • https://github.com/halo-dev/halo/issues/126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 1%CPEs: 4EXPL: 2

CVE-2019-19999

https://notcve.org/view.php?id=CVE-2019-19999

Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. Halo en versiones anteriores a la 1.2.0-beta.1 permite la inyección de plantillas del lado del servidor (SSTI) porque TemplateClassResolver.SAFER_RESOLVER no se utiliza en la configuración de FreeMarker. • https://github.com/halo-dev/halo/compare/v1.1.3-beta.2...v1.2.0-beta.1 https://github.com/halo-dev/halo/issues/419 https://github.com/halo-dev/halo/issues/440 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-16890

https://notcve.org/view.php?id=CVE-2019-16890

Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. Halo versiones 1.1.0 presenta una vulnerabilidad de tipo XSS por medio de un authorUrl diseñado en datos JSON en el archivo api/content/posts/comments. • https://github.com/halo-dev/halo/issues/311 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-11011

https://notcve.org/view.php?id=CVE-2018-11011

ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. ruibaby Halo 0.0.2 tiene Cross-Site Scripting (XSS) persistente mediante el campo commentAuthor en FrontCommentController.java. • https://github.com/ruibaby/halo/issues/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4