CVE-2019-7170

Name of the Vulnerable Software and Affected Versions Croogo versions prior to 3.0.6

Description A stored-self XSS issue exists, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to "/admin/taxonomy/vocabularies".

Recommendations For versions prior to 3.0.6, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "/admin/taxonomy/vocabularies" endpoint until a patch is available. Avoid using the Title field in the affected endpoint until the issue is resolved.