Vulnerabilities > Croogo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2021-44673 | Unrestricted Upload of File with Dangerous Type vulnerability in Croogo 3.0.2 A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script. | 8.8 |
| 2020-04-26 | CVE-2019-20789 | Cross-site Scripting vulnerability in Croogo Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies. | 4.8 |
| 2019-01-29 | CVE-2019-7173 | Cross-site Scripting vulnerability in Croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. | 4.8 |
| 2019-01-29 | CVE-2019-7171 | Cross-site Scripting vulnerability in Croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. | 4.8 |
| 2019-01-29 | CVE-2019-7170 | Cross-site Scripting vulnerability in Croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. | 4.8 |
| 2019-01-29 | CVE-2019-7169 | Cross-site Scripting vulnerability in Croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3. | 4.8 |
| 2019-01-29 | CVE-2019-7168 | Cross-site Scripting vulnerability in Croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. | 4.8 |
| 2018-02-09 | CVE-2017-1000510 | Cross-site Scripting vulnerability in Croogo 2.3.117G6F82E6C Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code. | 5.4 |