EPSS
Percentile
24.8%
croogo is susceptible to cross-site scripting (XSS) attack. The vulnerability exists because it does not sanitize the value of Title field in the Main Menu page, allowing the attacker to inject malicious payload through it.
Title
github.com/croogo/croogo/blob/abcc39b4d1f3e05a2a3faa45a64d71bdd422edc6/Menus/src/Template/Admin/Menus/index.ctp#L60
github.com/croogo/croogo/issues/888