Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2021-43659

Disclosure Date: March 24, 2022 (last updated February 23, 2025)
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0