Description
ruibaby Halo 0.0.2 has a stored XSS vulnerability via the commentAuthor field sent to FrontCommentController.java.
Remediation
References
https://github.com/ruibaby/halo/issues/9