What's the catch?

Introducing ARR Milestones. When we grow, you save.

Http to Https redirect in web app

How to get HTTP to redirect to HTTPS in the web app: open appsettings.json in the root folder (not api or auth), add "httpsonly":true as shown below, then restart the site. Browsing to the HTTP version will now be replaced with the HTTPS version.

CVE-2024-6200 – Stored Cross-Site Scripting in Tickets

General Information This article contains frequently asked questions relating to the stored cross-site scripting vulnerability affecting Halo versions up to 2.143.6. Users with the permission to open tickets may embed malicious JavaScript code into them that, when accessed by another user, executes within the context of that user. Are hosted Halo instances affected? Hosted customers […]

CVE-2024-6201 – Emailing Template Injection

General Information This article contains frequently asked questions relating to the emailing template injection vulnerability affecting Halo versions up to 2.143.21. Users with the permission to open tickets may embed variables that may subsequently be resolved by the emailing template engine. This might lead to the leakage of variables and custom field values via emails. […]

CVE-2024-6203 – Password Reset Poisoning

General Information This article contains frequently asked questions relating to the stored cross-site scripting vulnerability affecting Halo versions up to 2.143.61 and all 2.144 and 2.145 versions. Users with access to the password forgotten functionality can issue a password reset request to the victim's email address and, by manipulating the request in a specific way […]

CVE-2024-6202 – SAML XML Signature Wrapping (XSW)

General Information This article contains frequently asked questions relating to the XML signature wrapping vulnerability affecting Halo versions up to 2.143.8. SAML XML signature wrapping is an attack method where an attacker modifies the signed SAML message without invalidating the signature. This can lead to the attacker impersonating another user. Are hosted Halo instances affected? […]