Galaxy · Galaxy · CVE-2024-42346
**Name of the Vulnerable Software and Affected Versions**
Galaxy versions prior to the latest patched version
**Description**
The issue concerns the visualization editor, specifically the "/visualizations" endpoint, which can be used to store HTML tags and trigger JavaScript execution when an edit operation is performed, that is, stored cross-site scripting (XSS). Users are advised to upgrade as there are no known workarounds for this issue.
**Recommendations**
For all affected versions of Galaxy, upgrade to the latest version that includes the supplied patches to resolve the issue. As a temporary workaround, consider restricting access to the "/visualizations" endpoint until the upgrade is applied.