Halo: Security Vulnerabilities
An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-09-30
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")}
CVSS Score
9.8
EPSS Score
0.008
Published
2020-09-30
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-08-26
Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
CVSS Score
7.2
EPSS Score
0.004
Published
2019-12-26
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-09-25
ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-05-12
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-05-12
Page 3