Unrated severityNVD Advisory· Published Aug 26, 2020· Updated Aug 4, 2024
CVE-2020-19007
CVE-2020-19007
Description
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.
Affected products
2- Halo/blogdescription
Patches
Vulnerability mechanics
References
1- github.com/halo-dev/halo/issues/547mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.