Description
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.
Remediation
References
https://github.com/ruibaby/halo/issues/9