CVE-2021-43659

Published March 24th, 2022

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

3.5

LOW

Affected

PROJECT

Description

In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.

halo-dev/halo

Halo 是一款强大易用的开源建站工具，从个人博客、知识库，到企业官网、在线商城，Halo 都能助您轻松实现，一站式满足您的多样化建站需求。

GitHub

39.1K