CVEDB API - Fast Vulnerability Dashboard

Vulnerabilities

Vulnerable Software

Halo: >> Halo >> 0.0.2 Security Vulnerabilities

CVE-2019-19999

Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.

CVSS Score

7.2

EPSS Score

0.004

Published

2019-12-26

CVE-2018-11011

ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.

CVSS Score

6.1

EPSS Score

0.002

Published

2018-05-12

CVE-2018-11012

ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.

CVSS Score

6.1

EPSS Score

0.002

Published

2018-05-12

Prev

Page 2

Products

Pricing

Contact Us

support@shodan.io

Shodan ® - All rights reserved