Multiple Cross-Site Scripting Vulnerabilities in Croogo by Croogo
CVE-2014-8577

Currently unrated

Key Information:

Vendor

Croogo

Status
Croogo
Vendor
CVE Published:
31 October 2014

What is CVE-2014-8577?

Croogo versions prior to 2.1.0 suffer from multiple Cross-Site Scripting (XSS) vulnerabilities, allowing remote attackers to inject arbitrary web scripts or HTML. These vulnerabilities can be exploited through various input parameters during admin actions including managing contacts, blocks, regions, menus, and links. The impacted parameters such as data[Contact][title], data[Block][title], data[Region][title], and others provide an entry point for malicious input, potentially compromising the integrity and confidentiality of the affected application. It is critical for administrators to review and upgrade to the latest version to mitigate these risks effectively.

References

http://www.osvdb.org/113110
vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/96991
vdb-entryx_refsource_XF
http://www.exploit-db.com/exploits/34959
exploitx_refsource_EXPLOIT-DB

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2014-8577 : Multiple Cross-Site Scripting Vulnerabilities in Croogo by Croogo