Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Loomio
(Loomio)| Repositories | https://github.com/loomio/loomio |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-20 | CVE-2024-1297 | Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection. | Loomio | 9.8 | ||
| 2017-07-23 | CVE-2017-11594 | Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment. | Loomio | 5.4 |