Croogo is vulnerable to cross-site scripting (XSS). The attacker can inject malicious script in the title parameter of admin/menus/menus
or admin/taxonomy/vocabularies
, causing the malicious script to be executed when a user visits the page.
CPE | Name | Operator | Version |
---|---|---|---|
croogo/croogo | le | 3.0.6 |