CVE-2019-7170


01/29/2019

CVE-2019-7170

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.

Attack vector: 
Network

Product: 
croogo: croogo

References: 
https://github.com/croogo/croogo/issues/890

Severity: 
Low

CVSS Score: 
3.5

CVSS Vector: 
(AV:N/AC:M/Au:S/C:N/I:P/A:N)



Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *