Fit2cloud Halo
4 CVEs affecting Fit2cloud Halo. Latest disclosed: 2025-12-06. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-22124 | Medium | 5.4 | 2022-01-13 | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a c… |
CVE-2022-22123 | Medium | 5.4 | 2022-01-13 | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arb… |
CVE-2022-28074 | Medium | 4.8 | 2022-04-22 | Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools. |
CVE-2025-14117 | Medium | 4.3 | 2025-12-06 | A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may… |