Kkimonk

**Name of the Vulnerable Software and Affected Versions** Galette versions prior to 0.9.5 **Description** Galette is a membership management web application geared towards non-profit organizations. In affected versions, malicious javascript code can be stored to be displayed later on the self-subscription page. Additionally, malicious javascript code can be executed on login and retrieve password pages. **Recommendations** For versions prior to 0.9.5, update to version 0.9.5 to resolve the issue. As a temporary workaround, consider disabling the self-subscription feature, which is the default state.