PT-2025-41564 · Rengine · Rengine

Amaljafarzade · Published 2025-10-10 · Updated 2025-10-10 · CVE-2025-61319

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: ReNgine versions through 2.2.0

Description: ReNgine through version 2.2.0 contains a Stored Cross-Site Scripting (XSS) issue within the Vulnerabilities module. When a target is scanned using an XSS payload, the payload is rendered without proper sanitization in the ReNgine web user interface. This allows for the execution of arbitrary JavaScript code in the browser of a victim. This could potentially lead to the theft of session cookies, unauthorized actions, or compromise of administrator accounts. The vulnerable component renders unsanitized payloads from scans.

Recommendations: Update ReNgine to a version later than 2.2.0.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-61319

Affected Products

Rengine