Home

Description

Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as .exe and .html files. Specifically, .html files can trigger stored XSS vulnerabilities. This vulnerability is fixed in 2.20.13

PUBLISHED Reserved 2025-04-22 | Published 2025-09-09 | Updated 2025-09-10 | Assigner mitre

References

meadow-horn-b94.notion.site/...42bd5b11880d58e11cd976f8e9d4f

cve.org (CVE-2025-44593)

nvd.nist.gov (CVE-2025-44593)

Download JSON