CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Halo: >> Halo >> 1.4.14 Security Vulnerabilities

CVE-2022-22125

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.

CVSS Score

4.8

EPSS Score

0.004

Published

2022-01-13

Page 2

Vulnerabilities

Vulnerable Software

Halo: >> Halo >> 1.4.14 Security Vulnerabilities

Products

Pricing

Contact Us