CVE-2022-22125

Summary

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.

Affected Software

VendorProductVersion RangeStatus
halo-devhalov1.0.0 < unspecifiedaffected
halo-devhalounspecified <= v1.4.17affected
halo-devhalonext of v1.4.17 < unspecifiedunknown

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References