CVE-2021-41467

Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt