Vulnerabilities (CVE)

Filtered by vendor Croogo Subscribe

Filtered by product Croogo

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-20789	1 Croogo	1 Croogo	2020-04-27	3.5 LOW	4.8 MEDIUM
Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.
CVE-2019-7168	1 Croogo	1 Croogo	2019-01-29	3.5 LOW	4.8 MEDIUM
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
CVE-2019-7169	1 Croogo	1 Croogo	2019-01-29	3.5 LOW	4.8 MEDIUM
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
CVE-2019-7170	1 Croogo	1 Croogo	2019-01-29	3.5 LOW	4.8 MEDIUM
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
CVE-2019-7171	1 Croogo	1 Croogo	2019-01-29	3.5 LOW	4.8 MEDIUM
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
CVE-2019-7173	1 Croogo	1 Croogo	2019-01-29	3.5 LOW	4.8 MEDIUM
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
CVE-2017-1000510	1 Croogo	1 Croogo	2018-02-26	3.5 LOW	5.4 MEDIUM
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code.