Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
croogo croogo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8577
Multiple cross-site scripting (XSS) vulnerabilities in Croogo prior to 2.1.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parame...
Croogo Croogo
1 EDB exploit
4.8
CVSSv3
CVE-2019-7169
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
Croogo Croogo
4.8
CVSSv3
CVE-2019-7173
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
Croogo Croogo
4.8
CVSSv3
CVE-2019-7170
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
Croogo Croogo
4.8
CVSSv3
CVE-2019-7168
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
Croogo Croogo
4.8
CVSSv3
CVE-2019-7171
A stored-self XSS exists in Croogo through v3.0.5, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
Croogo Croogo
4.8
CVSSv3
CVE-2019-20789
Croogo prior to 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.
Croogo Croogo
NA
CVE-2015-1053
Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo prior to 2.2.1 allows remote malicious users to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.
Croogo Croogo
8.8
CVSSv3
CVE-2021-44673
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.
Croogo Croogo 3.0.2
5.4
CVSSv3
CVE-2017-1000510
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code.
Croogo Croogo 2.3.1-17-g6f82e6c
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started