Vendor CVEs
Halo Dev
All CVEs
43 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-40846 | Hig | 0.46 | — | 0.00 | May 8, 2025 | Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject JavaScript code to perform cross site scripting attack. The vulnerability… | ||
| CVE-2026-36759 | Med | 0.42 | 6.5 | 0.00 | Apr 30, 2026 | A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | ||
| CVE-2025-51857 | Med | 0.40 | 6.1 | 0.00 | Aug 5, 2025 | The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks. | ||
| CVE-2018-11012 | Med | 0.40 | 6.1 | 0.01 | May 12, 2018 | ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. | ||
| CVE-2018-11011 | Med | 0.40 | 6.1 | 0.01 | May 12, 2018 | ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. | ||
| CVE-2025-60898 | Med | 0.38 | 5.8 | 0.00 | Oct 29, 2025 | An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a… | ||
| CVE-2026-36756 | Med | 0.35 | 5.4 | 0.00 | Apr 30, 2026 | A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | ||
| CVE-2026-36757 | Med | 0.28 | 4.3 | 0.00 | Apr 30, 2026 | A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | ||
| CVE-2026-36758 | Med | 0.28 | 4.3 | 0.00 | Apr 30, 2026 | A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | ||
| CVE-2025-14117 | Med | 0.28 | 4.3 | 0.00 | Dec 6, 2025 | A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early… | ||
| CVE-2025-15141 | Low | 0.20 | 3.1 | 0.00 | Dec 28, 2025 | A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is… | ||
| CVE-2019-15311 | 0.01 | — | 0.08 | Jul 1, 2020 | An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to… | |||
| CVE-2025-70886 | 0.00 | — | 0.00 | Feb 12, 2026 | An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint | |||
| CVE-2025-44594 | 0.00 | — | 0.00 | Sep 9, 2025 | halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url. | |||
| CVE-2025-44593 | 0.00 | — | 0.00 | Sep 9, 2025 | Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as .exe and .html files. Specifically, .html files can trigger stored XSS vulnerabilities. This vulnerability is fixed in 2.20.13 | |||
| CVE-2025-44595 | 0.00 | — | 0.00 | Sep 9, 2025 | Halo v2.20.17 and before is vulnerable to Cross Site Scripting (XSS) in /halo_host/archives/{name}. | |||
| CVE-2024-56156 | 0.00 | — | 0.01 | Apr 25, 2025 | Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site… | |||
| CVE-2024-43793 | 0.00 | — | 0.00 | Sep 11, 2024 | Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code,… | |||
| CVE-2024-43792 | 0.00 | — | 0.00 | Sep 2, 2024 | Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code,… | |||
| CVE-2023-33528 | 0.00 | — | 0.00 | Mar 28, 2024 | halo v1.6.0 is vulnerable to Cross Site Scripting (XSS). | |||
| CVE-2023-27164 | 0.00 | — | 0.01 | Mar 10, 2023 | An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. | |||
| CVE-2022-36784 | 0.00 | — | 0.01 | Nov 17, 2022 | Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution. | |||
| CVE-2022-32995 | 0.00 | — | 0.16 | Jun 27, 2022 | Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | |||
| CVE-2022-28074 | 0.00 | — | 0.00 | Apr 22, 2022 | Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools. | |||
| CVE-2022-26619 | 0.00 | — | 0.01 | Apr 5, 2022 | Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | |||
| CVE-2021-43659 | 0.00 | — | 0.01 | Mar 24, 2022 | In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability. | |||
| CVE-2022-22125 | 0.00 | — | 0.01 | Jan 13, 2022 | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server. | |||
| CVE-2022-22124 | 0.00 | — | 0.01 | Jan 13, 2022 | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser. | |||
| CVE-2022-22123 | 0.00 | — | 0.01 | Jan 13, 2022 | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server. | |||
| CVE-2020-19038 | 0.00 | — | 0.01 | Jul 12, 2021 | File Deletion vulnerability in Halo 0.4.3 via delBackup. | |||
| CVE-2020-19037 | 0.00 | — | 0.01 | Jul 12, 2021 | Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies. | |||
| CVE-2020-18982 | 0.00 | — | 0.01 | Jul 12, 2021 | Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | |||
| CVE-2020-18980 | 0.00 | — | 0.01 | Jul 12, 2021 | Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. | |||
| CVE-2020-18979 | 0.00 | — | 0.01 | Jul 12, 2021 | Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter. | |||
| CVE-2020-21345 | 0.00 | — | 0.01 | May 20, 2021 | Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code. | |||
| CVE-2020-21527 | 0.00 | — | 0.01 | Sep 30, 2020 | There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal. | |||
| CVE-2020-21526 | 0.00 | — | 0.02 | Sep 30, 2020 | An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. | |||
| CVE-2020-21524 | 0.00 | — | 0.02 | Sep 30, 2020 | There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not used for security defense, This vulnerability can detect the intranet, read… | |||
| CVE-2020-21523 | 0.00 | — | 0.03 | Sep 30, 2020 | A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign… | |||
| CVE-2020-19007 | 0.00 | — | 0.01 | Aug 26, 2020 | Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser. | |||
| CVE-2019-15312 | 0.00 | — | 0.03 | Jul 1, 2020 | An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding… | |||
| CVE-2019-19999 | 0.00 | — | 0.02 | Dec 26, 2019 | Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. | |||
| CVE-2019-16890 | 0.00 | — | 0.01 | Sep 25, 2019 | Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. |
- risk 0.46cvss —epss 0.00
Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject JavaScript code to perform cross site scripting attack. The vulnerability…
- risk 0.42cvss 6.5epss 0.00
A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
- risk 0.40cvss 6.1epss 0.00
The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks.
- risk 0.40cvss 6.1epss 0.01
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.
- risk 0.40cvss 6.1epss 0.01
ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.
- risk 0.38cvss 5.8epss 0.00
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a…
- risk 0.35cvss 5.4epss 0.00
A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
- risk 0.28cvss 4.3epss 0.00
A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
- risk 0.28cvss 4.3epss 0.00
A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.
- risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early…
- risk 0.20cvss 3.1epss 0.00
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is…
- CVE-2019-15311Jul 1, 2020risk 0.01cvss —epss 0.08
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to…
- CVE-2025-70886Feb 12, 2026risk 0.00cvss —epss 0.00
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint
- CVE-2025-44594Sep 9, 2025risk 0.00cvss —epss 0.00
halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url.
- CVE-2025-44593Sep 9, 2025risk 0.00cvss —epss 0.00
Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as .exe and .html files. Specifically, .html files can trigger stored XSS vulnerabilities. This vulnerability is fixed in 2.20.13
- CVE-2025-44595Sep 9, 2025risk 0.00cvss —epss 0.00
Halo v2.20.17 and before is vulnerable to Cross Site Scripting (XSS) in /halo_host/archives/{name}.
- CVE-2024-56156Apr 25, 2025risk 0.00cvss —epss 0.01
Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site…
- CVE-2024-43793Sep 11, 2024risk 0.00cvss —epss 0.00
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code,…
- CVE-2024-43792Sep 2, 2024risk 0.00cvss —epss 0.00
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code,…
- CVE-2023-33528Mar 28, 2024risk 0.00cvss —epss 0.00
halo v1.6.0 is vulnerable to Cross Site Scripting (XSS).
- CVE-2023-27164Mar 10, 2023risk 0.00cvss —epss 0.01
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.
- CVE-2022-36784Nov 17, 2022risk 0.00cvss —epss 0.01
Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution.
- CVE-2022-32995Jun 27, 2022risk 0.00cvss —epss 0.16
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
- CVE-2022-28074Apr 22, 2022risk 0.00cvss —epss 0.00
Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools.
- CVE-2022-26619Apr 5, 2022risk 0.00cvss —epss 0.01
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function.
- CVE-2021-43659Mar 24, 2022risk 0.00cvss —epss 0.01
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
- CVE-2022-22125Jan 13, 2022risk 0.00cvss —epss 0.01
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.
- CVE-2022-22124Jan 13, 2022risk 0.00cvss —epss 0.01
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser.
- CVE-2022-22123Jan 13, 2022risk 0.00cvss —epss 0.01
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server.
- CVE-2020-19038Jul 12, 2021risk 0.00cvss —epss 0.01
File Deletion vulnerability in Halo 0.4.3 via delBackup.
- CVE-2020-19037Jul 12, 2021risk 0.00cvss —epss 0.01
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.
- CVE-2020-18982Jul 12, 2021risk 0.00cvss —epss 0.01
Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.
- CVE-2020-18980Jul 12, 2021risk 0.00cvss —epss 0.01
Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.
- CVE-2020-18979Jul 12, 2021risk 0.00cvss —epss 0.01
Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter.
- CVE-2020-21345May 20, 2021risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code.
- CVE-2020-21527Sep 30, 2020risk 0.00cvss —epss 0.01
There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal.
- CVE-2020-21526Sep 30, 2020risk 0.00cvss —epss 0.02
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.
- CVE-2020-21524Sep 30, 2020risk 0.00cvss —epss 0.02
There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not used for security defense, This vulnerability can detect the intranet, read…
- CVE-2020-21523Sep 30, 2020risk 0.00cvss —epss 0.03
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign…
- CVE-2020-19007Aug 26, 2020risk 0.00cvss —epss 0.01
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.
- CVE-2019-15312Jul 1, 2020risk 0.00cvss —epss 0.03
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding…
- CVE-2019-19999Dec 26, 2019risk 0.00cvss —epss 0.02
Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
- CVE-2019-16890Sep 25, 2019risk 0.00cvss —epss 0.01
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.