2 matches found
CVE-2019-7173
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4...
CVE-2019-7173
Croogo is affected by a stored-self XSS vulnerability in the title field of the Attachment page (/admin/file-manager/attachments/edit/4). Affected versions include Croogo prior to 3.0.7 (v3.0.5 referenced; OSV notes vulnerability before 3.0.7). The root cause is reflected in multiple sources desc...