PT-2024-40190 · Packagist · Typo3/Cms-Core

Published 2024-05-30 · Updated 2024-05-30

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: The affected package is typo3/cms-core (Packagist); this page does not state an affected version range.
Description: User input is not properly HTML-encoded when the login status is displayed in the website frontend, which makes the login status display susceptible to cross-site scripting. Exploitation requires a valid user account: either a backend user, or a frontend user with the ability to modify their own user profile, so that attacker-controlled profile data (for example the username) is written into the rendered page. The affected template patterns are ###FEUSER_[fieldName]###, used by the system extension felogin, and <!--###USERNAME###-->, used for regular frontend rendering; the latter token can be defined individually through the TypoScript setting config.USERNAME_substToken.
Recommendations: This page does not identify a release that contains a fix for this vulnerability. Until a fixed version is confirmed, make sure that every user-controlled profile field substituted into a frontend template is HTML-encoded, and restrict who is allowed to edit frontend user profiles.
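The following PHP is an added illustration of the failure mode described above, not TYPO3 code: it models marker-based template substitution in a few lines, shows a user-controlled profile value landing in the page unencoded, and places the hardened form next to it. The function names, the template and the sample profile are constructed for this example; the marker names and the configurable substToken follow the patterns named in the description.

```php
<?php
// Added example, not TYPO3's implementation. Names below are hypothetical.
declare(strict_types=1);

/**
 * Vulnerable form: each marker is replaced with the raw profile value.
 * A frontend user who can edit their own profile controls every entry of $user.
 */
function renderLoginStatusVulnerable(string $template, array $user, string $substToken = '###USERNAME###'): string
{
    // Regular frontend rendering pattern: the token wrapped in an HTML comment,
    // mirroring the configurable config.USERNAME_substToken.
    $output = str_replace('<!--' . $substToken . '-->', (string)$user['username'], $template);

    // felogin-style pattern: ###FEUSER_[fieldName]### for each profile field.
    foreach ($user as $field => $value) {
        $output = str_replace('###FEUSER_' . $field . '###', (string)$value, $output);
    }
    return $output;
}

/**
 * Hardened form: every user-supplied value is HTML-encoded before substitution,
 * and all markers are replaced in a single pass so an encoded value can never
 * be re-interpreted as a marker by a later replacement.
 */
function renderLoginStatusHardened(string $template, array $user, string $substToken = '###USERNAME###'): string
{
    $encode = static fn(string $v): string =>
        htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');

    $map = ['<!--' . $substToken . '-->' => $encode((string)$user['username'])];
    foreach ($user as $field => $value) {
        $map['###FEUSER_' . $field . '###'] = $encode((string)$value);
    }
    return strtr($template, $map);
}

// Constructed sample data: a template using both patterns, and a profile whose
// fields carry script payloads. Test data only, not real site content.
$template = '<p>Logged in as <!--###USERNAME###--> '
          . '(<span class="name">###FEUSER_first_name###</span>)</p>';
$user = [
    'username'   => '<img src=x onerror=alert(document.domain)>',
    'first_name' => '"><script>alert(1)</script>',
];

echo "Vulnerable rendering:\n", renderLoginStatusVulnerable($template, $user), "\n\n";
echo "Hardened rendering:\n",   renderLoginStatusHardened($template, $user), "\n";
```

The vulnerable output contains the `<img ...>` and `<script>` tags verbatim, so any visitor who sees the login status for that account executes the attacker's script (scope changed, user interaction required, matching the S:C/UI:R vector on this page). The hardened output carries the same characters as `&lt;img ...&gt;` and `&lt;script&gt;`, which the browser renders as text. Encoding must happen at the point of output for every field a user can edit, not only for the username.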

Weakness Enumeration

XSS

Related Identifiers

GHSA-8c25-vj2w-p72j

Affected Products

typo3/cms-core