Unrated severityNVD Advisory· Published Jan 13, 2022· Updated Sep 17, 2024
Halo CMS - Stored Cross-Site Scripting (XSS) in Profile Image
CVE-2022-22124
Description
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/halo-dev/halo/blob/v1.4.17/src/main/java/run/halo/app/handler/file/FileHandler.javamitrex_refsource_MISC
- github.com/halo-dev/halo/issues/1575mitrex_refsource_MISC
- www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22124mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.