NVD

Id
35587  
Name
CVE-2014-8577  
Description
Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-10-31  
Modified Date
2014-11-03  
Seq
2014-8577  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
182187 35587 CVE-2014-8577 http://blog.croogo.org/blog/croogo-210-released  View
182188 35587 CVE-2014-8577 http://packetstormsecurity.com/files/128639/Croogo-2.0.0-Cross-Site-Scripting.html  View
182189 35587 CVE-2014-8577 34959  View
182190 35587 CVE-2014-8577 croogo-multiple-post-xss(96991)  View
182191 35587 CVE-2014-8577 http://zeroscience.mk/en/vulnerabilities/ZSL-2014-5201.php  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16315 JVNDB-2014-005190 Croogo におけるクロスサイトスクリプティングの脆弱性 Croogo には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-8577 75870 CVE-2014-8577 35587 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005190.html 2014-09-02 2014-11-05 View