CVE-2025-44593

Medium CVSS: 6.1

Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as .exe and .html files. Specifically, .html files can trigger stored XSS vulnerabilities. This vulnerability is fixed in 2.20.13

Vendor

Halo

Product

Halo

CWE

CWE-79

Yayın Tarihi

2025-09-09 21:15:36

Güncelleme

2025-09-18 20:33:52

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Halo MEDIUM Halo 2025

Referanslar

https://meadow-horn-b94.notion.site/halo-File-Upload-Vulnerability-14c42bd5b11880d58e11cd976f8e9d4f

Benzer Kayıtlar

High

CVE-2025-70886

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the…

Low

CVE-2025-15141

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator o…

Medium

CVE-2025-44595

Halo v2.20.17 and before is vulnerable to Cross Site Scripting (XSS) in /halo_host/archives/{name}.

Critical

CVE-2025-44594

halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/a…

Medium

CVE-2024-56156

Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypa…