Back to search
CVE-2024-56156
Published: Apr 25, 2025
Modified: Feb 3, 2026
PUBLISHED
Description
Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13.
| Vendor | Product | Versions |
|---|---|---|
halo-dev | halo | affected < 2.20.13 |
Weaknesses (CWE)
References
https://github.com/halo-dev/halo/security/advisories/GHSA-99mc-ch53-pqh9
x_refsource_CONFIRM
https://github.com/halo-dev/halo/pull/7149
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now