3 matches found
CVE-2019-7169
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3...
CVE-2019-7169
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3...
CVE-2019-7169
Croogo 3.0.5 and earlier are affected by a stored self‑XSS in the Title field of the Main Menu edit page (/admin/menus/menus/edit/3). The underlying issue allows an attacker to inject HTML/JavaScript into the vulnerable Title field, which gets stored and can be executed when viewed by other users...