CVE-2021-27940
OpenArk Orchestrator before version 3.2.4 is vulnerable to cross‑site scripting via the orchestrator-msg parameter in resources/public/js/orchestrator.js. The issue is documented across multiple sources (including CVE-2021-27940 and Red Hat/GHSA entries) and is addressed by upgrading to version 3...