Croogo

Source repositories

https://github.com/croogo/croogo

CVEs (11)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-6647	Croogo Croogo	Med	0.31	4.7	0.00	Jul 10, 2024	UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical has been found in Croogo up to 4.0.7. This affects an unknown part of the file admin/settings/settings/prefix/Theme of the component Setting Handler. The manipulation of the argument Content-Type leads to…
CVE-2014-8577	Croogo Croogo		0.04	—	0.13	Oct 31, 2014	Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to…
CVE-2021-44673	Croogo Croogo		0.03	—	0.04	Mar 10, 2022	A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.
CVE-2024-42718	Croogo Croogo		0.00	—	0.00	Dec 26, 2025	A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.
CVE-2024-29643	Croogo Croogo		0.00	—	0.00	Apr 18, 2025	An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.
CVE-2019-7170	Croogo Croogo		0.00	—	0.00	Jan 29, 2019	A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
CVE-2019-7173	Croogo Croogo		0.00	—	0.00	Jan 29, 2019	A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
CVE-2019-7171	Croogo Croogo		0.00	—	0.00	Jan 29, 2019	A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
CVE-2019-7169	Croogo Croogo		0.00	—	0.00	Jan 29, 2019	A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
CVE-2019-7168	Croogo Croogo		0.00	—	0.00	Jan 29, 2019	A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
CVE-2015-1053	Croogo Croogo		0.00	—	0.01	Jan 16, 2015	Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.

CVE-2024-6647MedJul 10, 2024
Croogo
Croogo
risk 0.31cvss 4.7epss 0.00
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Croogo up to 4.0.7. This affects an unknown part of the file admin/settings/settings/prefix/Theme of the component Setting Handler. The manipulation of the argument Content-Type leads to…
CVE-2014-8577Oct 31, 2014
Croogo
Croogo
risk 0.04cvss —epss 0.13
Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to…
CVE-2021-44673Mar 10, 2022
Croogo
Croogo
risk 0.03cvss —epss 0.04
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.
CVE-2024-42718Dec 26, 2025
Croogo
Croogo
risk 0.00cvss —epss 0.00
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.
CVE-2024-29643Apr 18, 2025
Croogo
Croogo
risk 0.00cvss —epss 0.00
An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.
CVE-2019-7170Jan 29, 2019
Croogo
Croogo
risk 0.00cvss —epss 0.00
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
CVE-2019-7173Jan 29, 2019
Croogo
Croogo
risk 0.00cvss —epss 0.00
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
CVE-2019-7171Jan 29, 2019
Croogo
Croogo
risk 0.00cvss —epss 0.00
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
CVE-2019-7169Jan 29, 2019
Croogo
Croogo
risk 0.00cvss —epss 0.00
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
CVE-2019-7168Jan 29, 2019
Croogo
Croogo
risk 0.00cvss —epss 0.00
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
CVE-2015-1053Jan 16, 2015
Croogo
Croogo
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.