PT-2022-25472 · Git+2 · Librenms+1

Murrant · Published 2022-11-20 · Updated 2022-11-29 · CVE-2022-4068

CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions.

Description: The issue allows a user to enable their own account even after an admin has disabled it, as long as the user still holds a valid session. Additionally, the username is not properly sanitized in the admin user overview, which enables an XSS attack: a low-privileged user can execute arbitrary JavaScript in the context of an admin's account.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
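The two flaws described above need two independent controls: the account's disabled flag has to be enforced on every authenticated request rather than only at login (so an existing session dies with the account and cannot be used to re-enable it), and the username has to be HTML-escaped wherever it is rendered into the admin overview. The following is an added, self-contained Python sketch of both controls written for this record; it is not LibreNMS code (LibreNMS is a PHP application), and the User and Session types, the in-memory store and the hostile username are constructed here for illustration.

```python
import html
from dataclasses import dataclass


@dataclass
class User:
    username: str
    is_admin: bool = False
    enabled: bool = True


@dataclass
class Session:
    # A session that was valid when issued; whether it is still honoured
    # must be decided on every request, not only at login.
    username: str
    token: str


def make_users():
    """Constructed in-memory user store standing in for the application's database."""
    return {
        "admin": User("admin", is_admin=True),
        "bob": User("bob"),
        # Constructed hostile username of the kind the advisory describes.
        "<script>alert(1)</script>": User("<script>alert(1)</script>"),
    }


def current_user(session, users):
    """Resolve a session to its account and re-check the enabled flag each time.

    Disabling an account therefore takes effect immediately for sessions that
    were issued earlier, instead of lingering until the session expires.
    Returns None when the request must be rejected.
    """
    user = users.get(session.username)
    if user is None or not user.enabled:
        return None
    return user


def set_enabled(session, target_username, enabled, users):
    """Change another account's enabled flag.

    Only a currently enabled admin may do so, and nobody may change their own
    flag, so a disabled user holding an old session cannot re-enable themselves.
    Returns True when the change was applied.
    """
    actor = current_user(session, users)
    if actor is None or not actor.is_admin:
        return False
    if target_username == actor.username or target_username not in users:
        return False
    users[target_username].enabled = enabled
    return True


def render_user_row(user):
    """Render one row of the admin user overview.

    html.escape with quote=True neutralises <, >, &, " and ', so the
    username is safe both as element text and inside the quoted attribute.
    """
    name = html.escape(user.username, quote=True)
    state = "enabled" if user.enabled else "disabled"
    return f'<tr data-user="{name}"><td>{name}</td><td>{state}</td></tr>'


def render_user_overview(users):
    """The full admin table; every row goes through the same escaping."""
    rows = "".join(render_user_row(u) for u in users.values())
    return f"<table>{rows}</table>"


if __name__ == "__main__":
    users = make_users()
    bob = Session("bob", "token-issued-earlier")
    users["bob"].enabled = False
    print("bob's old session still accepted:", current_user(bob, users) is not None)
    print("bob can re-enable himself:", set_enabled(bob, "bob", True, users))
    print(render_user_overview(users))
```

The point of `current_user` is that the authorization decision is re-derived from the account's current state on each call; a session token is only evidence of a past login, not of present permission. Escaping is done at render time in `render_user_row` rather than at signup, so a username that was stored before the fix is still neutralised when displayed.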

Exploit: XSS


Related Identifiers: CVE-2022-4068, GHSA-F3HW-3H74-WR98

Affected Products: Librenms, Librenms/Librenms