CVE Catalog

CVE-2025-51857

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile - higher than 13% of all known CVEs

Summary

An XSS vulnerability in the reconcile method of the AttachmentReconciler class in Halo system v.2.20.18LTS and earlier allows an attacker to inject malicious scripts.

Risk Assessment

An attacker can exploit this vulnerability to steal user sessions, take over accounts, or perform unauthorized actions in the victim's context.

Recommendation

Immediately update Halo system to a version newer than 2.20.18LTS and apply input filtering and output encoding in the reconcile method.

Original NVD description (English source)

The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS