Cross-Site Scripting Vulnerability in Croogo CMS
CVE-2015-1053

Currently unrated

Key Information:

Vendor: Croogo
Status: Croogo
Vendor: CVE Published:; 16 January 2015

What is CVE-2015-1053?

A cross-site scripting (XSS) vulnerability exists in the administrative backend of Croogo CMS versions prior to 2.2.1. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the application via a manipulated 'path' parameter in the admin file manager section. If exploited, this vulnerability could lead to unauthorized access and malicious actions on the part of the attacker, putting the integrity and confidentiality of affected installations at risk.

References

http://packetstormsecurity.com/files/129916/CMS-Croogo-2....

x_refsource_MISC

http://sroesemann.blogspot.de/2015/01/report-for-advisory...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/99890

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2015
Vulnerability Reserved
Jan 16, 2015

JSON