Description
Croogo vulnerable to Cross-site Scripting in title field
A stored self-XSS exists in Croogo before v3.0.7, allowing an attacker to execute HTML or JavaScript code via the vulnerable Title field at /admin/file-manager/attachments/edit/4.
Packages
Name: croogo/croogo (composer)
Affected versions: < 3.0.7
Fixed version: 3.0.7
Related vulnerabilities
CVSS3: 4.8
nvd
about 7 years ago
A stored self-XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field at /admin/file-manager/attachments/edit/4.