5 matches found
CVE-2024-29643
An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component...
CVE-2024-29643
An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component...
CVE-2024-29643
An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component...
CVE-2024-29643
An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component...
CVE-2024-29643
CVE-2024-29643 affects croogo v3.0.2 and is due to Host header injection in the feed.rss component. The vulnerability occurs when the feed.rss code passes the HTTP Host header content into a response element (e.g., a link) without proper filtering, enabling an attacker to influence redirect-like ...