Croogo · Croogo · CVE-2019-20789
**Name of the Vulnerable Software and Affected Versions**
Croogo versions prior to 3.0.7
**Description**
The issue allows cross-site scripting (XSS) attacks via the title field submitted to the "admin/menus/menus" or "admin/taxonomy/vocabularies" endpoints.
**Recommendations**
If you run a version prior to 3.0.7, update to version 3.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/menus/menus" and "admin/taxonomy/vocabularies" endpoints until the update is applied. Avoid using user-supplied input for the title field in these endpoints to minimize the risk of exploitation.