Description
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.
Remediation
References
https://github.com/ruibaby/halo/issues/9
Related Vulnerabilities
CVE-2022-42004 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2020-8125 Vulnerability in npm package klona
CVE-2020-19698 Vulnerability in maven package org.webjars.npm:editor.md
CVE-2017-1000228 Vulnerability in maven package org.webjars.npm:ejs
CVE-2021-23337 Vulnerability in maven package org.webjars.npm:lodash.template