Mend Vulnerability Database
Date: January 13, 2022
PoC Details
Log in to the application as admin.
Create a new tag label with the malicious payload given below.
Create a new article, then press release.
Add the recently created label, and press “save”.
Go to “All Articles” and press the newly created article. The payload will be triggered.
<script>alert("XSS in TAG")</script>
Affected Environments
Halo versions v1.0.0 through v1.4.17 (latest)
Prevention
No fix is provided
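With no fixed version available, the usual mitigations for a stored XSS of this kind are rejecting markup in tag labels when they are created and HTML-encoding labels wherever they are rendered. The sketch below is an added example, not Halo's or Mend's code; the record fields, function names and the 64-character limit are assumptions.

```python
import html
import re

# Constructed sample tag records; the "id"/"name" fields are assumptions,
# not Halo's actual schema.
SAMPLE_TAGS = [
    {"id": 1, "name": "release-notes"},
    {"id": 2, "name": '<script>alert("XSS in TAG")</script>'},  # PoC payload from this page
    {"id": 3, "name": "C++ & Rust"},
]

# Tag labels have no legitimate need for angle brackets or control characters.
_FORBIDDEN = re.compile(r"[<>\x00-\x1f]")


def validate_label(name: str) -> str:
    """Input-side check: reject labels that could carry markup.

    The 64-character limit is an assumed policy value.
    """
    name = name.strip()
    if not name or len(name) > 64 or _FORBIDDEN.search(name):
        raise ValueError("invalid tag label")
    return name


def render_tag(name: str) -> str:
    """Output-side fix: HTML-encode the label before placing it in markup."""
    return '<span class="tag">{}</span>'.format(html.escape(name, quote=True))


def audit(tags):
    """Return ids of stored tags whose label would fail validation."""
    flagged = []
    for tag in tags:
        try:
            validate_label(tag["name"])
        except ValueError:
            flagged.append(tag["id"])
    return flagged


if __name__ == "__main__":
    print("flagged tag ids:", audit(SAMPLE_TAGS))
    for tag in SAMPLE_TAGS:
        print(render_tag(tag["name"]))
```

Encoding on output is the control that matters for labels already stored; the audit only identifies records that need review.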
Good to know:
No fix version available
|Attack Vector (AV):|Network|
|Attack Complexity (AC):|Low|
|Privileges Required (PR):|High|
|User Interaction (UI):|Required|
|Access Vector (AV):|Network|
|Access Complexity (AC):|Medium|