Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability
Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.1 of the plugin to...
PT-2024-27603 · Crocoblock · Crocoblock JetThemeCore
Name of the Vulnerable Software and Affected Versions: Crocoblock JetThemeCore versions prior to 2.2.1
Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows File Manipulation...
CMS Croogo 2.2.0 Cross Site Scripting
Advisory: Reflecting XSS vulnerability in CMS Croogo v.2.2.0
Advisory ID: SROEADV-2015-02
Author: Steffen Rösemann
Affected Software: CMS Croogo v.2.20
Vendor URL: https://croogo.org
Vendor Status: solved
CVE-ID: -
Vulnerability Description: T...