Joshua

**Name of the Vulnerable Software and Affected Versions** Galette versions prior to 0.9.6 **Description** Galette is a membership management web application built for non-profit organizations and released under GPLv3. It is subject to stored cross-site scripting attacks via the preferences footer, which can only be altered by a site admin. **Recommendations** For versions prior to 0.9.6, upgrade to version 0.9.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the preferences footer to minimize the risk of exploitation.