Impact
A security vulnerability has been identified in versions prior to 2.18.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack.
Reproduction Steps
To minimize impact, the payload in the reproduction steps has been removed. If you need to reproduce the vulnerability, you can use the following information:
Insert a hyperlink in the editor and fill in the address jAvascript:alert('XSS')
Patches
Fixed in versions after 2.19.0
Workarounds
Upgrade to 2.19.0+
References
LuoLiu Reporter
Impact
A security vulnerability has been identified in versions prior to 2.18.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack.
Reproduction Steps
To minimize impact, the payload in the reproduction steps has been removed. If you need to reproduce the vulnerability, you can use the following information:
Insert a hyperlink in the editor and fill in the address
jAvascript:alert('XSS')Patches
Fixed in versions after 2.19.0
Workarounds
Upgrade to 2.19.0+
References