Описание
Croogo vulnerable to XSS in Blog field
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
Пакеты
Наименование
croogo/croogo
composer
Затронутые версииВерсия исправления
<= 3.0.5
3.0.7
Связанные уязвимости
CVSS3: 4.8
nvd
около 7 лет назад
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.