CVE-2019-16890

Published September 25th, 2019

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

3.5

LOW

Affected

1

PROJECT

Description

Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.

Halo 是一款强大易用的开源建站工具，从个人博客、知识库，到企业官网、在线商城，Halo 都能助您轻松实现，一站式满足您的多样化建站需求。

GitHub

39.1K