Cross site scripting in Croogo

Croogo versions before 4.x contain a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code.