← back
CVE-2024-43793

Halo's editor has a stored XSS vulnerability

CVSS 6.3 MEDIUMEPSS 0.3%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Sep 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. This vulnerability is fixed in 2.19.0.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
halo-dev · halo

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/halo-dev/halo/security/advisories/GHSA-28x9-hppj-m537