croogo CVE 脆弱性と CVE 一覧(12)

製品(CPE): — CVE 件数: 12

croogo 脆弱性概要

croogo 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

公開された問題は vendor risk cross-site scripting and パス処理の欠陥 に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact session compromise and ファイル上書き などの暴露リスクを伴う場合があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 112 / 12 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2024-42718 A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter. [email protected] 6.5 0.02% 2025-12-26 2025-12-31
CVE-2024-29643 An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component. [email protected] 9.1 0.14% 2025-04-18 2025-05-28
CVE-2021-44673 A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script. [email protected] 8.8 3.54% 2022-03-10 2024-11-21
CVE-2019-20789 Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies. [email protected] 4.8 0.32% 2020-04-26 2024-11-21
CVE-2019-7173 A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. [email protected] 4.8 0.22% 2019-01-29 2024-11-21
CVE-2019-7171 A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. [email protected] 4.8 0.22% 2019-01-29 2024-11-21
CVE-2019-7170 A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. [email protected] 4.8 0.22% 2019-01-29 2024-11-21
CVE-2019-7169 A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3. [email protected] 4.8 0.22% 2019-01-29 2024-11-21
CVE-2019-7168 A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. [email protected] 4.8 0.22% 2019-01-29 2024-11-21
CVE-2017-1000510 Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code. [email protected] 5.4 0.32% 2018-02-09 2024-11-21
CVE-2015-1053 Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile. [email protected] 4.3 0.54% 2015-01-16 2026-05-06
CVE-2014-8577 Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter [email protected] 4.3 13.09% 2014-10-31 2026-05-06
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence