Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
croogo croogo vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-1053
Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo prior to 2.2.1 allows remote malicious users to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.
Croogo Croogo
3.5
CVSSv2
CVE-2019-7168
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
Croogo Croogo
3.5
CVSSv2
CVE-2019-7173
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
Croogo Croogo
3.5
CVSSv2
CVE-2019-7170
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
Croogo Croogo
4.3
CVSSv2
CVE-2014-8577
Multiple cross-site scripting (XSS) vulnerabilities in Croogo prior to 2.1.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parame...
Croogo Croogo
1 EDB exploit
3.5
CVSSv2
CVE-2019-20789
Croogo prior to 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.
Croogo Croogo
3.5
CVSSv2
CVE-2019-7169
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
Croogo Croogo
3.5
CVSSv2
CVE-2019-7171
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
Croogo Croogo
6.5
CVSSv2
CVE-2021-44673
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.
Croogo Croogo 3.0.2
3.5
CVSSv2
CVE-2017-1000510
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code.
Croogo Croogo 2.3.1-17-g6f82e6c
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started