Browse all 6 CVE security advisories affecting halo-dev. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Halo-dev is a software development platform focused on creating and managing custom applications for enterprise environments. Historically, the project has been associated with multiple critical vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation and improper access controls in web interfaces. While no major public security incidents have been documented, the consistent presence of multiple CVEs suggests ongoing challenges in secure coding practices. Organizations using halo-dev should implement strict network segmentation and regular security assessments to mitigate potential risks associated with these recurring vulnerability patterns.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-56156 | Halo Vulnerable to Stored XSS and RCE via File Upload Bypass (halo, CWE-79) | 9.0 | - | 2025-04-25 |
| CVE-2024-43793 | Halo's editor has a stored XSS vulnerability (halo, CWE-79) | 6.3 | Medium | 2024-09-11 |
| CVE-2024-43792 | Halo's editor has a stored Cross-Site Scripting vulnerability (halo, CWE-79) | 6.3 | Medium | 2024-09-02 |
| CVE-2022-22125 | Halo CMS - Stored Cross-Site Scripting (XSS) in Article's Tag (halo, CWE-79) | 4.8 | Medium | 2022-01-13 |
| CVE-2022-22124 | Halo CMS - Stored Cross-Site Scripting (XSS) in Profile Image (halo, CWE-79) | 5.4 | Medium | 2022-01-13 |
| CVE-2022-22123 | Halo CMS - Stored Cross-Site Scripting (XSS) in Article's Title (halo, CWE-79) | 5.4 | Medium | 2022-01-13 |
This page lists every published CVE security advisory associated with halo-dev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.