Stored Self XSS in Croogo CMS Affects Versions Prior to 3.0.5
CVE-2019-7170

4.8MEDIUM

Key Information:

Vendor: Croogo
Status: Croogo
Vendor: CVE Published:; 29 January 2019

What is CVE-2019-7170?

A stored self XSS vulnerability affects Croogo versions up to 3.0.5, which allows an attacker to inject and execute malicious HTML or JavaScript code via a vulnerable Title field in the /admin/taxonomy/vocabularies endpoint. This security flaw could lead to unauthorized actions or exposure of sensitive user data through a crafted request.

References

https://github.com/croogo/croogo/issues/890

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 29, 2019

JSON