Impact
A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack.
Reproduction Steps
To minimize impact, the payload in the reproduction steps has been removed. If you need to reproduce the vulnerability, you can use the following information:
Payload Example:
<a></a>
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
<pre>aaa</pre>
Patches
Fixed in versions after 2.17.0
Workarounds
Upgrade to 2.17.0+
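The payload example above places a percent-encoded document inside a data: URL in an iframe src. The following Node.js check is an added example, not part of the advisory or of Halo's code or fix: it audits stored HTML for embed elements that load from an active scheme and reports the decoded value for review. The function names and sample content are constructed for illustration.

```javascript
// Added example (not Halo code): flag <iframe>/<embed>/<object> elements whose
// URL attribute uses an active scheme (data:, javascript:, vbscript:) or srcdoc.
// findActiveEmbeds and the sample content below are constructed for illustration.
const EMBED_TAG = /<(iframe|embed|object)\b((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
const URL_ATTR = /\b(src|srcdoc|data)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
const ACTIVE_SCHEME = /^(data|javascript|vbscript):/i;

// URL parsers drop tabs/newlines and leading control characters or spaces.
function normalizeUrl(value) {
  return value.replace(/[\t\n\r]/g, "").replace(/^[\u0000-\u0020]+/, "");
}

// Percent-decode for the report; malformed sequences are returned unchanged.
function safeDecode(value) {
  try { return decodeURIComponent(value); } catch { return value; }
}

function findActiveEmbeds(html) {
  const findings = [];
  for (const tag of html.matchAll(EMBED_TAG)) {
    for (const attr of tag[2].matchAll(URL_ATTR)) {
      const name = attr[1].toLowerCase();
      const raw = attr[2] ?? attr[3] ?? attr[4] ?? "";
      const url = normalizeUrl(raw);
      // srcdoc always carries inline HTML, so it is reported regardless of scheme.
      if (name === "srcdoc" || ACTIVE_SCHEME.test(url)) {
        findings.push({ tag: tag[1].toLowerCase(), attr: name, decoded: safeDecode(url) });
      }
    }
  }
  return findings;
}

// Constructed sample content: one encoded data: iframe and one ordinary embed.
const sample = [
  "<p>post body</p>",
  '<iframe src="data:text/html,%3Cp%3Ehi%3C%2Fp%3E"></iframe>',
  '<iframe src="https://example.com/video"></iframe>',
].join("\n");
console.log(findActiveEmbeds(sample));
```

This is a triage scan over stored content, not a sanitizer: it does not decode HTML character references inside attribute values, and the advisory's remedy remains upgrading.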