CVE-2021-27677

Name of the Vulnerable Software and Affected Versions Batflat CMS version 1.3.6

Description The issue allows remote attackers to inject arbitrary web script or HTML via the field name variable, potentially leading to cross-site scripting (XSS) attacks. This could enable attackers to execute malicious scripts on the victim's browser.

Recommendations For Batflat CMS version 1.3.6, update to a version that fixes the XSS vulnerability in Galleries, ensuring that user input in the field name is properly sanitized to prevent code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.