Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Halo Vulnerable to Stored XSS and RCE via File Upload Bypass
Vulnerability Description
Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Halo 跨站脚本漏洞
Vulnerability Description
Halo是Halo开源的一个强大易用的开源建站工具。 Halo 2.20.13之前版本存在安全漏洞,该漏洞源于文件类型验证绕过,可能导致存储型跨站脚本攻击或远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A