2 matches found
CVE-2019-7171
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...
CVE-2019-7171
Croogo CMS (CakePHP) 3.0.5 is affected by a stored-self XSS in the title field, exploitable via /admin/blocks/blocks/edit/8 to execute HTML or JavaScript. The issue is documented across multiple sources (e.g., CVE-2019-7171 and Red Hat/CNVD/OSV references). The provided documents do not specify a...