PT-2025-17926 · Halo · Halo

Published: 2025-04-25 · Updated: 2026-02-03 · CVE-2024-56156

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Halo versions prior to 2.20.13

Description

The issue allows attackers to bypass file type validation controls, enabling the upload of malicious files, including executables and HTML files. This can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances.

Recommendations

For versions prior to 2.20.13, update to version 2.20.13 to resolve the issue. As a temporary workaround, consider restricting file uploads to minimize the risk of exploitation. Avoid using the file upload feature until the issue is resolved.

Exploit

Fix

RCE

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-56156
GHSA-99MC-CH53-PQH9

Affected Products

Halo