Croogo is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary web script by passing a malicious link through the administrative backend.
packetstormsecurity.com/files/129916/CMS-Croogo-2.2.0-Cross-Site-Scripting.html
seclists.org/fulldisclosure/2015/Jan/24
sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-02.html
sroesemann.blogspot.de/2015/01/sroeadv-2015-02.html
www.securityfocus.com/bid/71999
blog.croogo.org/blog/croogo-221-released
exchange.xforce.ibmcloud.com/vulnerabilities/99890
github.com/croogo/croogo/issues/599