Halo-dev Halo
7 CVEs affecting Halo-dev Halo. Latest disclosed: 2026-06-25. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-56156 | Critical | 9.0 | 2025-04-25 | Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This… |
CVE-2024-43793 | Medium | 6.3 | 2024-09-11 | Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability… |
CVE-2024-43792 | Medium | 6.3 | 2024-09-02 | Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability… |
CVE-2026-55439 | Medium | 5.5 | 2026-06-25 | Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrato… |
CVE-2022-22124 | Medium | 5.4 | 2022-01-13 | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a c… |
CVE-2022-22123 | Medium | 5.4 | 2022-01-13 | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arb… |
CVE-2022-22125 | Medium | 4.8 | 2022-01-13 | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject… |