reNgine · CVE-2025-24967
Name of the Vulnerable Software and Affected Versions:
reNgine versions prior to 2.20
Description:
A stored cross-site scripting (XSS) issue exists in the admin panel's user management functionality, allowing an attacker to inject malicious payloads into the `username` field during user creation. This enables unauthorized script execution when the admin views or interacts with the affected user entry, posing a significant risk to sensitive admin functionalities.
Recommendations:
For versions prior to 2.20, users are advised to monitor the project for future releases that address this issue. As a temporary workaround, consider restricting access to the user management functionality in the admin panel until a patch is available. Avoid using the `username` field in the affected user management functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
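As an added illustration (not reNgine's code and not the fix the project will ship), the following Python shows the two controls that close this class of bug in an admin user-management flow: an allowlist validator applied to `username` before a user record is stored, and HTML encoding of the stored value at render time, shown beside the vulnerable string-concatenation pattern. The allowlist pattern, the `create_user` handler and the sample input are assumptions constructed for this example.

```python
import html
import re

# Assumed allowlist for usernames (an example rule, not reNgine's own):
# letters, digits and a few separators, 3 to 30 characters. Characters that
# can carry markup (<, >, ", ', &) never pass, so they are never stored.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{3,30}$")


def is_valid_username(username: str) -> bool:
    """Input-side control: accept only usernames that match the allowlist."""
    return USERNAME_RE.fullmatch(username) is not None


def render_user_row_unsafe(username: str) -> str:
    """Vulnerable pattern: the stored value is concatenated into HTML as-is,
    so markup inside a username reaches the admin's browser unchanged."""
    return f"<tr><td>{username}</td></tr>"


def render_user_row_safe(username: str) -> str:
    """Output-side control: HTML-encode the stored value when rendering the
    user list, regardless of what validation happened at creation time."""
    return f"<tr><td>{html.escape(username, quote=True)}</td></tr>"


def create_user(store: dict, username: str) -> bool:
    """Hardened create-user handler (assumed shape): validate before storing
    and reject duplicates. Returns True only when a record was written."""
    if not is_valid_username(username) or username in store:
        return False
    store[username] = {"username": username}
    return True


if __name__ == "__main__":
    users: dict = {}
    # Constructed sample inputs: one ordinary name, one carrying markup.
    for candidate in ("alice.ops-1", "<script>x</script>"):
        print(candidate, "accepted" if create_user(users, candidate) else "rejected")
    # Even if a markup-bearing value had been stored, the safe renderer neutralises it.
    print(render_user_row_unsafe("<script>x</script>"))
    print(render_user_row_safe("<script>x</script>"))
```

Both controls are needed: the validator keeps bad values out of the database, and the encoder protects the admin view if data entered through another path (an import, an API call, an older release) was never validated.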