This page lists publicly disclosed CVE vulnerabilities affecting fit2cloud halo (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-14117 | A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 2.1 | 0.06% | 2025-12-06 | 2026-04-29 |
| CVE-2022-28074 | Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools. | [email protected] | 4.8 | 0.25% | 2022-04-22 | 2024-11-21 |
| CVE-2022-22124 | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser. | [email protected] | 5.4 | 0.48% | 2022-01-13 | 2024-11-21 |
| CVE-2022-22123 | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server. | [email protected] | 5.4 | 0.41% | 2022-01-13 | 2024-11-21 |