CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Fit2cloud: Security Vulnerabilities

CVE-2022-28074

Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools.

CVSS Score

4.8

EPSS Score

0.002

Published

2022-04-22

CVE-2022-22123

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server.

CVSS Score

5.4

EPSS Score

0.002

Published

2022-01-13

CVE-2022-22124

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser.

CVSS Score

5.4

EPSS Score

0.003

Published

2022-01-13

Page 6

Vulnerabilities

Vulnerable Software

Fit2cloud: Security Vulnerabilities

Products

Pricing

Contact Us