Lucene search

[email protected]CVE-2014-8577

HistoryOct 31, 2014 - 2:55 p.m.

CVE-2014-8577

2014-10-3114:55:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-8577

cross-site scripting

xss

croogo

security vulnerabilities

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page.

Affected configurations

NVD

Node

croogocroogoRange≤2.0.0

CPENameOperatorVersion
croogo:croogocroogole2.0.0

CPE	Name	Operator	Version
croogo:croogo	croogo	le	2.0.0

References

blog.croogo.org/blog/croogo-210-released

packetstormsecurity.com/files/128639/Croogo-2.0.0-Cross-Site-Scripting.html

www.exploit-db.com/exploits/34959

www.osvdb.org/113109

www.osvdb.org/113110

www.osvdb.org/113111

www.osvdb.org/113113

zeroscience.mk/en/vulnerabilities/ZSL-2014-5201.php

exchange.xforce.ibmcloud.com/vulnerabilities/96991

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.8%

JSON

Related for CVE-2014-8577

cvelist1 zeroscience1 nvd1 prion1