Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
croogo croogo vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2019-7169
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
Croogo Croogo
NA
CVE-2014-8577
Multiple cross-site scripting (XSS) vulnerabilities in Croogo prior to 2.1.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parame...
Croogo Croogo
1 EDB exploit
4.8
CVSSv3
CVE-2019-20789
Croogo prior to 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.
Croogo Croogo
4.8
CVSSv3
CVE-2019-7168
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
Croogo Croogo
4.8
CVSSv3
CVE-2019-7171
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
Croogo Croogo
4.8
CVSSv3
CVE-2019-7173
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
Croogo Croogo
4.8
CVSSv3
CVE-2019-7170
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
Croogo Croogo
NA
CVE-2015-1053
Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo prior to 2.2.1 allows remote malicious users to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.
Croogo Croogo
8.8
CVSSv3
CVE-2021-44673
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.
Croogo Croogo 3.0.2
5.4
CVSSv3
CVE-2017-1000510
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code.
Croogo Croogo 2.3.1-17-g6f82e6c
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started