Filtered by vendor Fit2cloud
Subscriptions
Filtered by product Halo
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14117 | 1 Fit2cloud | 1 Halo | 2025-12-08 | 4.3 Medium |
| A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-28074 | 1 Fit2cloud | 1 Halo | 2024-11-21 | 4.8 Medium |
| Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools. | ||||
| CVE-2022-22124 | 1 Fit2cloud | 1 Halo | 2024-11-21 | 5.4 Medium |
| In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser. | ||||
| CVE-2022-22123 | 1 Fit2cloud | 1 Halo | 2024-11-21 | 5.4 Medium |
| In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server. | ||||
Page 1 of 1.