Loomio
by Loomio
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-1297 | High | 0.40 | 7.2 | 0.02 | | Feb 20, 2024 | Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection. |
| CVE-2017-11594 | Med | 0.35 | 5.4 | 0.00 | | Jul 24, 2017 | Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment. |