croogo Host header injection
An issue in Croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script.
Croogo allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.
A stored-self XSS exists in Croogo allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
A stored-self XSS exists in Croogo allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
A stored-self XSS exists in Croogo allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
A stored-self XSS exists in Croogo allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
A stored-self XSS exists in Croogo allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
Croogo contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of JavaScript code.