PT-2022-15259 · Halo · Halo

Ruibaby · Published 2022-01-13 · Updated 2022-01-14 · CVE-2022-22123

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Halo versions v1.0.0 through v1.4.17
Description: Stored Cross-Site Scripting (XSS) in the article title allows an authenticated attacker to inject arbitrary JavaScript code that will execute on a victim's server.
Recommendations: For versions v1.0.0 through v1.4.17, consider restricting access to the article title feature until a patch is available, and avoid using the article title field for any sensitive operations. As a temporary workaround, consider validating and sanitizing all user input in the article title to prevent the injection of malicious JavaScript code.
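To make the two halves of the recommendation concrete, the following is an added JavaScript example (not Halo's own code, which is a Java application): it contrasts a title concatenated raw into markup with the same template using contextual HTML encoding, and adds the input-side validation the workaround describes. Function names, the 200-character limit and the sample title are assumptions constructed for this illustration.

```javascript
// Added example, not Halo's code: output encoding for an article title
// rendered into HTML, plus input validation for the title field.

// Escape the characters that let a string break out of HTML text or
// attribute context. Applied at render time, this neutralises a payload
// that was already stored in the database.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

// Vulnerable pattern: the stored title goes straight into the markup,
// so any tags it contains become part of the page the viewer's browser runs.
function renderTitleUnsafe(title) {
  return `<h1 class="post-title">${title}</h1>`;
}

// Hardened pattern: same template, title encoded for the HTML text context.
function renderTitleSafe(title) {
  return `<h1 class="post-title">${escapeHtml(title)}</h1>`;
}

// Input-side check (the advisory's temporary workaround): a title is plain
// text, so reject markup and control characters rather than trying to clean
// them. The 200-character limit is an assumption, not a Halo setting.
function isValidTitle(title, maxLen = 200) {
  if (typeof title !== 'string' || title.length === 0 || title.length > maxLen) {
    return false;
  }
  if (/[<>]/.test(title)) return false;                  // no tags in a title
  if (/[\u0000-\u001f\u007f]/.test(title)) return false; // no control chars
  return true;
}

// Constructed sample: a title carrying injected script, as the advisory describes.
const maliciousTitle = 'Hello<script>alert(1)</script>';
```

Run under Node, `renderTitleUnsafe(maliciousTitle)` returns markup with a live script element, while `renderTitleSafe` returns the same title as inert text and `isValidTitle` rejects it at submission time.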

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2022-22123

Affected Products: Halo