Reflecting XSS vulnerability in CMS Croogo v.2.2.0

Posted by Steffen Rösemann on Jan 12

Advisory: Reflecting XSS vulnerability in CMS Croogo v.2.2.0
Advisory ID: SROEADV-2015-02
Author: Steffen Rösemann
Affected Software: CMS Croogo v.2.2.0
Vendor URL: https://croogo.org
Vendor Status: solved
CVE-ID: –

==========================
Vulnerability Description:
==========================

The filemanager functionality in the administrative backend of CMS Croogo
v. 2.2.0 is prone to reflecting XSS attacks.

==================
Technical…
