CVE-2015-1053

Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.

Date published : 2015-01-16

http://www.securityfocus.com/bid/71999

https://blog.croogo.org/blog/croogo-221-released