Lucene search

Croogo Security Vulnerabilities

cve

CVE-2014-8577

Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/...

5.9AI Score

0.015EPSS

2014-10-31 02:55 PM

cve

CVE-2015-1053

Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.

5.8AI Score

0.007EPSS

2015-01-16 03:59 PM

cve

CVE-2017-1000510

Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code.

5.4CVSS

5.3AI Score

0.001EPSS

2018-02-09 11:29 PM

cve

CVE-2019-20789

Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.

4.8CVSS

4.8AI Score

0.001EPSS

2020-04-26 05:15 PM

cve

CVE-2019-7168

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.

4.8CVSS

4.9AI Score

0.001EPSS

2022-10-03 04:19 PM

cve

CVE-2019-7169

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.

4.8CVSS

4.9AI Score

0.001EPSS

2022-10-03 04:19 PM

cve

CVE-2019-7170

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.

4.8CVSS

4.9AI Score

0.001EPSS

2022-10-03 04:19 PM

cve

CVE-2019-7171

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.

4.8CVSS

4.9AI Score

0.001EPSS

2022-10-03 04:19 PM

cve

CVE-2019-7173

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.

4.8CVSS

4.9AI Score

0.001EPSS

2022-10-03 04:19 PM

cve

CVE-2021-44673

A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.

8.8CVSS

8.9AI Score

0.011EPSS

2022-03-10 06:15 PM