Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS05ZjlyLXczeHEtZjcyMs4AAUT6

Moderate EPSS: 0.00219% (0.44623 Percentile) EPSS:
Permalink JSON

Croogo vulnerable to XSS in Blog field

Affected Packages Affected Versions Fixed Versions
packagist:croogo/croogo <= 3.0.5 3.0.7
19 Dependent packages
45 Dependent repositories
15,786 Downloads total

Affected Version Ranges

All affected versions

2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5

All unaffected versions

3.0.6, 3.0.7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.

References:

Identifiers

GHSA-9f9r-w3xq-f722

CVE-2019-7168

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00219

EPSS Percentile: 0.44623

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/croogo/croogo

Date and time

Published

about 3 years ago

Updated

almost 2 years ago

API

JSON