4 matches found
CVE-2019-7170
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...
CVE-2019-7170
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...
CVE-2019-7170
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...
CVE-2019-7170
Affected software: Croogo CMS (versions up to 3.0.5). Vulnerability: Stored-self XSS in the article/title handling, exploitable via the vulnerable Title field submitted to /admin/taxonomy/vocabularies. Impact (as stated): Attacker can execute HTML/JavaScript in a victim’s browser. Root cause (as ...