CVE-2021-21319

Name of the Vulnerable Software and Affected Versions Galette versions prior to 0.9.5

Description Galette is a membership management web application geared towards non-profit organizations. In affected versions, malicious javascript code can be stored to be displayed later on the self-subscription page. Additionally, malicious javascript code can be executed on login and retrieve password pages.

Recommendations For versions prior to 0.9.5, update to version 0.9.5 to resolve the issue. As a temporary workaround, consider disabling the self-subscription feature, which is the default state.