Cross-site scripting in Croogo

Low severity GitHub Reviewed Published Jun 22, 2021 to the GitHub Advisory Database • Updated Feb 1, 2023

Package

croogo/croogo (Composer)

Affected versions

< 3.0.7

Patched versions

3.0.7

Description

Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.

References

Published by the National Vulnerability Database Apr 26, 2020
Reviewed May 25, 2021
Published to the GitHub Advisory Database Jun 22, 2021
Last updated Feb 1, 2023

Severity

Low

EPSS score

0.074%
(34th percentile)

Weaknesses

CVE ID

CVE-2019-20789

GHSA ID

GHSA-jfvf-rfmq-qwf8

Source code

No known source code