A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| croogo/croogo(Packagist) | 0 | 3.0.7 | N/A |
CVSS Metrics
