A cross-site scripting vulnerability exists in versions of Belloo prior to 4.2.7.7, which allows attackers to filter user-supplied data and output data via the aerror_ description parameter in the assets/sources/instagram.php script. description parameter in the assets/sources/instagram.php script lacks a data validation filter for user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client side.