Passer6Yo

**Name of the Vulnerable Software and Affected Versions** Valine version 1.3.3 **Description** An issue in Valine allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file. **Recommendations** For Valine version 1.3.3, consider disabling the ability to embed files, especially .pdf files, until a patch is available to prevent HTML injection and potential JavaScript execution.