Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2014-8577

Published: 31/10/2014 Updated: 08/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Croogo

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Croogo prior to 2.1.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

croogo croogo

Exploits

Exploit DB: Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
<<< Croogo 200 Multiple Stored XSS Vulnerabilities Vendor: Fahad Ibnay Heylaal Product web page: wwwcroogoorg Affected version: 200 Summary: Croogo is a free, open source, content management system for PHP, released under The MIT License It is powered by CakePHP MVC framework Desc: Croogo version 200 suffers from mult ...

References

CWE-79http://www.osvdb.org/113109http://packetstormsecurity.com/files/128639/Croogo-2.0.0-Cross-Site-Scripting.htmlhttp://www.osvdb.org/113110http://zeroscience.mk/en/vulnerabilities/ZSL-2014-5201.phphttp://www.osvdb.org/113113http://www.osvdb.org/113111http://blog.croogo.org/blog/croogo-210-releasedhttp://www.exploit-db.com/exploits/34959https://exchange.xforce.ibmcloud.com/vulnerabilities/96991https://nvd.nist.govhttps://www.exploit-db.com/exploits/34959/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook