SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-07-12
Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-07-12
Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-07-12
Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
CVSS Score
7.2
EPSS Score
0.004
Published
2019-12-26
Page 2