PT-2025-36945 · Halo · Halo
Published: 2025-09-09 · Updated: 2025-09-18
CVE-2025-44593
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Halo versions prior to 2.20.13
Description:
Halo versions prior to 2.20.13 allow bypassing file type detection, enabling the upload of malicious files, including .exe and .html files. Uploading .html files can trigger stored cross-site scripting (XSS) vulnerabilities.
Recommendations:
Update to version 2.20.13 or later.
Fix
XSS
Affected Products
Halo