Halo CMS - Stored Cross-Site Scripting (XSS) in Article's Tag
CVE-2022-22125
4.8MEDIUM
What is CVE-2022-22125?
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.
Affected Version(s)
halo v1.0.0
halo <= unspecified