Quokka is a content management framework written in Python. version 0.4.0 of Quokka is vulnerable to a cross-site scripting vulnerability. An attacker can exploit the vulnerability to execute arbitrary code via the Username parameter in the quokka/admin/actions.py component.