Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Latte is an open source template engine for PHP. Users unable to upgrade should not accept template input from untrusted sources.
All versions starting from 2.8.0 before 2.8.8, all versions starting from 2.9.0 before 2.9.6, all versions starting from 2.10.0 before 2.10.8
Upgrade to versions 2.8.8, 2.9.6, 2.10.8 or above.