8 matches found
CVE-2019-20789
Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies...
EUVD-2022-5086
Malicious code in bioql PyPI...
CVE-2024-29643
CVE-2024-29643 affects croogo v3.0.2 and is due to Host header injection in the feed.rss component. The vulnerability occurs when the feed.rss code passes the HTTP Host header content into a response element (e.g., a link) without proper filtering, enabling an attacker to influence redirect-like ...
PT-2025-17297 · Croogo · Croogo
Name of the Vulnerable Software and Affected Versions: croogo version 3.0.2. Description: The issue allows an attacker to perform Host header injection via the feed.rss component. Recommendations: For croogo version 3.0.2, consider disabling the feed.rss component until a patch is available...
CVE-2019-20789
Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies...
Cross site scripting
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of JavaScript code...
CVE-2017-1000510
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of JavaScript code...
CVE-2017-1000510
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of JavaScript code...