
5 matches found

Cvelist
added 2026/05/11 3:29 p.m. | 27 views

CVE-2026-42842 grav-plugin-form: XSS via Taxonomy Field Values in Admin Panel

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a stored cross-site scripting (XSS) vulnerability exists in the Grav CMS Form plugin's select field template. Taxonomy tag and category values are rendered with the Twig |raw filter in the admin panel, bypassing the...

CVSS 5.4 | EPSS 0.00029
Exploits: 0 | References: 2
CVE
added 2020/04/26 4:6 p.m. | 85 views

CVE-2019-20789

Croogo is affected in versions before 3.0.7. The vulnerability is a Cross-Site Scripting (XSS) flaw triggered by crafting a malicious title that is submitted to admin/menus/menus or admin/taxonomy/vocabularies, with the impact being script execution when a user views the page. The root cause, as ...

CVSS 4.8 | AI score 4.8 | EPSS 0.00321
Exploits: 1 | References: 2 | Affected Software: 1
CNVD
added 2019/01/30 12:0 a.m. | 2 views

Croogo cross-site scripting vulnerability (CNVD-2019-03590)

Croogo is a content management system (CMS) built on the CakePHP framework. It provides content types that can be customized for Blog, Node, and Page, content editing with a WYSIWYG editor, and other features. A cross-site scripting vulnerability exists in Croogo 3.0.5 and earlier versions...

CVSS 4.8 | AI score 6.3 | EPSS 0.00219
Exploits: 1 | References: 1
NVD
added 2019/01/29 6:29 p.m. | 11 views

CVE-2019-7170

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...

CVSS 4.8 | AI score 5 | EPSS 0.00219
Exploits: 1 | References: 1
CVE
added 2019/01/29 6:0 p.m. | 33 views

CVE-2019-7170

Affected software: Croogo CMS (versions up to 3.0.5). Vulnerability: Stored-self XSS in the article/title handling, exploitable via the vulnerable Title field submitted to /admin/taxonomy/vocabularies. Impact (as stated): Attacker can execute HTML/JavaScript in a victim’s browser. Root cause (as ...

CVSS 4.8 | AI score 4.9 | EPSS 0.00219
Exploits: 1 | References: 1 | Affected Software: 1