Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Date: January 13, 2022
DetailsHalo is a modern open-source blogging and content management system. Affected versions of Halo are vulnerable to stored XSS via profile image upload mechanism that allows the uploading of malicious SVG files.
PoC DetailsLogin to the application.
Enter the profile section, and press on the profile picture in order to change it. Click on “upload an attachment”. Choose a malicious SVG file with a payload such as the one given below, and upload it.
Click “deposit” in order to save. The malicious SVG will be saved under “/upload/”.
Once opened, it will trigger an alert.
Affected EnvironmentsHalo versions v1.0.0 through v1.4.17 (latest)
PreventionNo fix is provided
Good to know:
No fix version available
|Attack Vector (AV):||Network|
|Attack Complexity (AC):||Low|
|Privileges Required (PR):||Low|
|User Interaction (UI):||Required|
|Access Vector (AV):||Network|
|Access Complexity (AC):||Medium|