Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored XSS on Admin Panel When Deleting a User in reNgine
Vulnerability Description
reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This vulnerability allows unauthorized script execution whenever the admin views or interacts with the affected user entry, posing a significant risk to sensitive admin functionalities. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
reNgine 跨站脚本漏洞
Vulnerability Description
reNgine是Yogesh Ojha个人开发者的一个用于 Web 应用程序的自动侦察框架。专注于通过引擎、侦察数据关联和组织、持续监控、由数据库和简单而直观的用户界面支持的高度可配置的流线型侦察过程。 reNgine 2.2.0及之前版本存在跨站脚本漏洞,该漏洞源于存在存储型跨站脚本(XSS)漏洞,允许在管理员查看或与受影响的用户条目交互时执行未经授权的脚本,对敏感的管理功能构成重大风险。
CVSS Information
N/A
Vulnerability Type
N/A