Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.
| Software | From | Fixed in |
|---|---|---|
| croogo / croogo | - | 3.0.6.x |
croogo / croogo
|
- | 3.0.7 |