Stored Self XSS in Croogo CMS by Panada Cat
CVE-2019-7169

4.8MEDIUM

Key Information:

Vendor: Croogo
Status: Croogo
Vendor: CVE Published:; 29 January 2019

What is CVE-2019-7169?

A stored self XSS vulnerability has been identified in Croogo, specifically affecting versions up to 3.0.5. This flaw allows an attacker to inject and execute arbitrary HTML or JavaScript code within the Title field of a menu item through the admin interface. Consequently, users managing menus may unknowingly run malicious scripts, potentially compromising their web application and its visitors.

References

https://github.com/croogo/croogo/issues/888

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 29, 2019

JSON