Amaljafarzade

**Name of the Vulnerable Software and Affected Versions** ReNgine versions through 2.2.0 **Description** ReNgine through version 2.2.0 contains a Stored Cross-Site Scripting (XSS) issue within the Vulnerabilities module. When a target is scanned using an XSS payload, the payload is rendered without proper sanitization in the ReNgine web user interface. This allows for the execution of arbitrary JavaScript code in the browser of a victim. This could potentially lead to the theft of session cookies, unauthorized actions, or compromise of administrator accounts. The vulnerable component renders unsanitized payloads from scans. **Recommendations** Update ReNgine to a version later than 2.2.0.