← Back

Croogo

croogo

Vendor: Croogo • 12 CVEs

CVEs (12)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-42718
1Croogo
1Croogo
Dec 31, 2025
Dec 26, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.
CVE-2024-29643
1Croogo
1Croogo
May 28, 2025
Apr 18, 2025
N/A· v4
9.1 CRITICAL· v3
N/A· v2
An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.
CVE-2021-44673
1Croogo
1Croogo
Jun 17, 2026
Mar 10, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.
CVE-2019-20789
1Croogo
1Croogo
Jun 17, 2026
Apr 26, 2020
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.
CVE-2019-7173
1Croogo
1Croogo
Jun 17, 2026
Jan 29, 2019
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
CVE-2019-7171
1Croogo
1Croogo
Jun 17, 2026
Jan 29, 2019
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
CVE-2019-7170
1Croogo
1Croogo
Jun 17, 2026
Jan 29, 2019
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
CVE-2019-7169
1Croogo
1Croogo
Jun 17, 2026
Jan 29, 2019
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
CVE-2019-7168
1Croogo
1Croogo
Jun 17, 2026
Jan 29, 2019
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
CVE-2017-1000510
1Croogo
1Croogo
Nov 21, 2024
Feb 9, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code.
CVE-2015-1053
1Croogo
1Croogo
May 6, 2026
Jan 16, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editf...Show more
Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.Show less
CVE-2014-8577
1Croogo
1Croogo
May 6, 2026
Oct 31, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2)...Show more
Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page.Show less