CVE-2025-24966

Name of the Vulnerable Software and Affected Versions: reNgine versions up to and including 2.2.0

Description: The issue occurs due to improper validation or sanitization of user inputs in the "Add Target" functionality, allowing attackers to inject arbitrary HTML code. The injected HTML is rendered and executed in the target area, potentially leading to malicious actions. This can compromise the application's integrity and user trust, allowing attackers to execute unauthorized actions, steal sensitive information, or trick users into performing harmful actions. The organization's reputation, customer trust, and regulatory compliance could be negatively affected.

Recommendations: For versions up to and including 2.2.0, users are advised to monitor the project for future releases which address this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.