CVE-2024-43792

Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. Users are advised to upgrade to version 2.17.0+. There are no known workarounds for this vulnerability.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:halo:halo:*:*:*:*:*:*:*:*

History

16 Sep 2024, 16:26

Type Values Removed Values Added
First Time Halo halo
Halo
CVSS v2 : unknown
v3 : 6.3
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:halo:halo:*:*:*:*:*:*:*:*
References () https://github.com/halo-dev/halo/security/advisories/GHSA-x3rj-3x75-vw4g - () https://github.com/halo-dev/halo/security/advisories/GHSA-x3rj-3x75-vw4g - Exploit, Vendor Advisory

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Halo es una herramienta de código abierto para crear sitios web. Se ha identificado una vulnerabilidad de seguridad en versiones anteriores a la 2.17.0 del proyecto Halo. Esta vulnerabilidad permite a un atacante ejecutar secuencias de comandos maliciosas en el navegador del usuario a través de código HTML y JavaScript específico, lo que puede provocar un ataque de Cross-site Scripting (XSS). Se recomienda a los usuarios que actualicen a la versión 2.17.0+. No se conocen workarounds para esta vulnerabilidad.

02 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-02 18:15

Updated : 2024-09-16 16:26


NVD link : CVE-2024-43792

Mitre link : CVE-2024-43792

CVE.ORG link : CVE-2024-43792


JSON object : View

Products Affected

halo

  • halo
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')