CVE-2019-20789

Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.
Source: NIST
CVE-2019-20789