Loomio

loomio

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Loomio

loomio

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-1297 1Loomio 1Loomio Apr 20, 2026 Feb 20, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.
CVE-2017-11594 1Loomio 1Loomio May 13, 2026 Jul 24, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment...Show more Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2024-1297

1Loomio

Apr 20, 2026

Feb 20, 2024

N/A· v4

9.8 CRITICAL· v3

N/A· v2

Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.

CVE-2017-11594

1Loomio

May 13, 2026

Jul 24, 2017

N/A· v4

5.4 MEDIUM· v3

3.5 LOW· v2

Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment...Show more