Description
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.
Remediation
References
https://github.com/ruibaby/halo/issues/9
Related Vulnerabilities
CVE-2019-19729 Vulnerability in npm package bson-objectid
CVE-2022-37265 Vulnerability in npm package steal
CVE-2022-39263 Vulnerability in npm package @next-auth/upstash-redis-adapter
CVE-2020-28502 Vulnerability in npm package xmlhttprequest-ssl
CVE-2021-29451 Vulnerability in maven package com.manydesigns:portofino-core