Date: Mon, 12 Jan 2015 15:48:12 +0100
From: Steffen Rösemann <>
Subject: CVE-Request -- CMS Croogo v.2.2.0 -- Reflecting XSS in filemanager in
 the administrative backend

Hi Josh, Steve, vendors, list.

I found a reflecting XSS vulnerability in the filemanager of the CMS Croogo
v. 2.2.0.

The filemanager is located here in a common Croogo installation:


By appending arbitrary HTML and/or JavaScript code to names of existing
files, the XSS gets executed. However, it does not work by appending the
code to names of directories.


in filemanager functionality of CMS Croogo 2.2.0")</script><!--

Could you please assign a CVE-ID for that issue?

Thank you!


Steffen Rösemann


