VYPR
Vendor

Halo CMS

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2022-32995CriJun 27, 2022
    risk 0.65cvss 9.8epss 0.16

    Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.

  • CVE-2022-32994CriJun 27, 2022
    risk 0.65cvss 9.8epss 0.17

    Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.

  • CVE-2025-60898MedOct 29, 2025
    risk 0.38cvss 5.8epss 0.00

    An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a…