Xfiftyone

#46946 of 53,622
5.4 Total CVSS
Vulnerabilities · 1
PT-2021-21297
5.4
2021-07-27
Unknown · Engineercms · CVE-2021-36605
**Name of the Vulnerable Software and Affected Versions**

engineercms version 1.03

**Description**

The `nickname` field is not escaped when it is rendered on the user list page, which allows cross-site scripting (XSS) attacks. When this page is viewed, any JavaScript code entered into this field is executed in the viewing user's browser.

**Recommendations**

For engineercms version 1.03, consider implementing proper escaping for the `nickname` field to prevent XSS attacks. As a temporary workaround, restrict user input in the `nickname` field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.