Description
ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.
Remediation
References
https://github.com/ruibaby/halo/issues/9
Related Vulnerabilities
CVE-2022-25878 Vulnerability in npm package protobufjs
CVE-2013-2254 Vulnerability in maven package org.apache.sling:org.apache.sling.servlets.post
CVE-2023-26487 Vulnerability in maven package org.webjars.bowergithub.vega:vega
CVE-2016-10735 Vulnerability in maven package org.wildfly.swarm:bootstrap
CVE-2021-46036 Vulnerability in maven package net.mingsoft:ms-mcms