Halo CMS
by Halo CMS
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-32995 | Cri | 0.65 | 9.8 | 0.16 | Jun 27, 2022 | Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | ||
| CVE-2022-32994 | Cri | 0.65 | 9.8 | 0.17 | Jun 27, 2022 | Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. | ||
| CVE-2025-60898 | Med | 0.38 | 5.8 | 0.00 | Oct 29, 2025 | An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a… |
- risk 0.65cvss 9.8epss 0.16
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
- risk 0.65cvss 9.8epss 0.17
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
- risk 0.38cvss 5.8epss 0.00
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a…