Irfan

**Name of the Vulnerable Software and Affected Versions** Galileo CMS version 0.042 **Description** The issue concerns stored cross-site scripting (XSS) that allows remote authenticated users to inject arbitrary web script or HTML via the `$page title` variable in the `/lib/Galileo/files/templates/page/show.html.ep` template, also known as the PAGE TITLE Field. This could potentially lead to the execution of malicious scripts on the client-side. **Recommendations** For Galileo CMS version 0.042, consider restricting access to the `$page title` variable in the `/lib/Galileo/files/templates/page/show.html.ep` template to minimize the risk of exploitation. As a temporary workaround, avoid using the `$page title` variable in the affected template until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.