CVE-2015-1053

NONE EPSS 80.5%
Published Jan 16, 201511y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jan 16, 2015 11y ago
Last Modified Jun 17, 2026 2w ago

Description

Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.

Threat Intelligence

EPSS Exploit Probability
80.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
croogocroogo* ≤2.2.0

References 8

Remediation

  • blog.croogo.org https://blog.croogo.org/blog/croogo-221-released
    PatchVendor Advisory