Balero CMS version 0.7.2 suffers from cross site scripting and html injection vulnerabilities.