An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1yNGg5LWd2Mm0tOXg5N84AAXVy

Moderate EPSS: 0.0032% (0.54498 Percentile)

Cross site scripting in Croogo

Affected Packages: packagist:croogo/croogo
Affected Versions: < 4.0.0
Fixed Versions: 4.0.0
19 Dependent packages
45 Dependent repositories
15,786 Downloads total

Affected Version Ranges

All affected versions

2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7

All unaffected versions

4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7

Croogo versions before 4.x contain a cross-site scripting (XSS) vulnerability in the Page name that can result in execution of JavaScript code.
