Vulnerabilities > Loomio

DATE | CVE | VULNERABILITY TITLE | RISK

2024-02-20 | CVE-2024-1297 | OS Command Injection vulnerability in Loomio 2.22.0 | critical 9.8
    Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.
    network | low complexity | loomio | CWE-78

2017-07-24 | CVE-2017-11594 | Cross-site Scripting vulnerability in Loomio | 5.4
    Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment.
    network | low complexity | loomio | CWE-79