CVE Catalog
CVE-2025-51857
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk0.22%
13th percentile - higher than 13% of all known CVEs
Summary
An XSS vulnerability in the reconcile method of the AttachmentReconciler class in Halo system v.2.20.18LTS and earlier allows an attacker to inject malicious scripts.
Risk Assessment
An attacker can exploit this vulnerability to steal user sessions, take over accounts, or perform unauthorized actions in the victim's context.
Recommendation
Immediately update Halo system to a version newer than 2.20.18LTS and apply input filtering and output encoding in the reconcile method.
Original NVD description (English source)
The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks.

