Описание
Croogo vulnerable to XSS in title field
A stored self-XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
Пакеты
Наименование
croogo/croogo
composer
Затронутые версииВерсия исправления
<= 3.0.5
3.0.7
Связанные уязвимости
CVSS3: 4.8
nvd
около 7 лет назад
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.