CVE

CVE-2022-22125

admin

CVE-2022-22125

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.

Source: CVE-2022-22125

Exit mobile version