Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
croogo croogo vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2019-7169
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
Croogo Croogo
4.8
CVSSv3
CVE-2019-7173
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
Croogo Croogo
4.8
CVSSv3
CVE-2019-7170
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
Croogo Croogo
4.8
CVSSv3
CVE-2019-7171
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
Croogo Croogo
4.8
CVSSv3
CVE-2019-7168
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
Croogo Croogo
4.8
CVSSv3
CVE-2019-20789
Croogo prior to 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.
Croogo Croogo
NA
CVE-2014-8577
Multiple cross-site scripting (XSS) vulnerabilities in Croogo prior to 2.1.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parame...
Croogo Croogo
1 EDB exploit
NA
CVE-2015-1053
Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo prior to 2.2.1 allows remote malicious users to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.
Croogo Croogo
8.8
CVSSv3
CVE-2021-44673
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.
Croogo Croogo 3.0.2
5.4
CVSSv3
CVE-2017-1000510
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code.
Croogo Croogo 2.3.1-17-g6f82e6c
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started