razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component.
razorcms razorcms 3.4.7