CNNVD-202508-363 Information
Aug 05, 2025
cve
CNNVD ID
CNNVD-202508-363
Related CVE
- CNNVD Published: 2025-08-05
Description (Chinese)
Halo是Halo开源的一个强大易用的开源建站工具。 Halo v.2.20.18LTS及之前版本存在安全漏洞,该漏洞源于AttachmentReconciler类的reconcile方法存在跨站脚本。
Description (English)
Halo is a powerful and easy-to-use open-source construction tool for Halo. There is a security loophole in Haro v.2.20.18 LTS and earlier versions, which stems from the cross-site script of the Reconcile method of the AttachmentReconciler class.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
凌霞
Published
2025-08-05
Last Modified
2026-02-24
References
https://github.com/halo-dev/halo http://halo.com https://gist.github.com/this1slwl/d714514635119159607c14faebbbcf20 https://access.redhat.com/security/cve/cve-2025-51857
Patch
https://github.com/halo-dev/halo/releases
Share on: