Filtered by vendor Croogo
Subscriptions
Filtered by product Croogo
Subscriptions
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7173 | 1 Croogo | 1 Croogo | 2024-09-17 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. | ||||
| CVE-2019-7169 | 1 Croogo | 1 Croogo | 2024-09-16 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3. | ||||
| CVE-2019-7168 | 1 Croogo | 1 Croogo | 2024-09-16 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. | ||||
| CVE-2019-7170 | 1 Croogo | 1 Croogo | 2024-09-16 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. | ||||
| CVE-2019-7171 | 1 Croogo | 1 Croogo | 2024-09-16 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. | ||||
| CVE-2014-8577 | 1 Croogo | 1 Croogo | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page. | ||||
| CVE-2015-1053 | 1 Croogo | 1 Croogo | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile. | ||||
| CVE-2017-1000510 | 1 Croogo | 1 Croogo | 2024-08-05 | N/A |
| Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code. | ||||
| CVE-2019-20789 | 1 Croogo | 1 Croogo | 2024-08-05 | 4.8 Medium |
| Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies. | ||||
| CVE-2021-44673 | 1 Croogo | 1 Croogo | 2024-08-04 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script. | ||||
| CVE-2024-6647 | 1 Croogo | 1 Croogo | 2024-08-01 | 4.7 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Croogo up to 4.0.7. This affects an unknown part of the file admin/settings/settings/prefix/Theme of the component Setting Handler. The manipulation of the argument Content-Type leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271053 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
Page 1 of 1.