CVE Daily

CVE-2025-51857

The reconcile method in the AttachmentReconciler class of the Halo system v.2.20...

Medium CVSS 6.1

Overview

The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks.

CWE: CWE-79 Published: 2025-08-05T18:15:34.763
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.1 (MEDIUM)
  • Detected tags: xss (tag impact: MODERATE)

Recommended actions:

  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags