Jack01

**Name of the Vulnerable Software and Affected Versions** Halo version 1.1.0 **Description** The issue allows for XSS via a crafted `authorUrl` in JSON data to the "api/content/posts/comments" API endpoint. **Recommendations** For Halo version 1.1.0, avoid using the `authorUrl` variable in the "api/content/posts/comments" API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation.