# CVE-2025-61319: Stored XSS in ReNgine <= 2.2.0

Stored XSS in ReNgine <= 2.2.0 — public disclosure

**Discovered by:** Amal J
**Vendor:** ReNgine
**CVE ID:** CVE-2025-61319
**Status:** RESERVED (Public reference added: pending MITRE update)
---
## Description
A **Stored Cross-Site Scripting (XSS)** vulnerability exists in **ReNgine <= 2.2.0** within the Vulnerabilities module.
When a target is scanned with a malicious payload, the payload is rendered unsanitized in the ReNgine web UI, resulting in arbitrary JavaScript execution in the administrator’s browser.
---
## Impact
- Session hijacking
- UI compromise
- Unauthorized actions on admin session
---
## Proof of Concept (PoC)
1. Scan a URL with the payload:
   `?param="><svg onload=confirm('xss')>`
2. After scan completion, open the Vulnerabilities tab in ReNgine and view results.
3. The payload executes in the admin's browser context.
---
## Affected versions
- ReNgine <= 2.2.0
---
## Remediation
Sanitize and escape user-supplied input before rendering scan results.
Implement proper HTML encoding for user-controlled output in the Vulnerabilities tab.
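
The encoding described above, as an added example that is not ReNgine's own code: it uses Python's standard `html.escape` on a constructed finding carrying the PoC payload, beside the unencoded form. The record layout, field names and function names are assumptions for illustration, and the link-scheme check goes slightly beyond the text.

```python
import html
from urllib.parse import urlsplit

# Constructed scan finding (assumed field names); the URL carries the
# PoC payload quoted in this advisory.
FINDING = {
    "name": "Reflected parameter",
    "severity": "medium",
    "url": "http://target.example/search?param=\"><svg onload=confirm('xss')>",
}


def render_row_unsafe(finding):
    """'Before' form: scanner output concatenated into markup unencoded."""
    return ('<tr><td>{name}</td><td><a href="{url}">{url}</a></td></tr>'
            .format(**finding))


def safe_href(url):
    """Allow only http(s) links; anything else becomes an inert '#'."""
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:
        return "#"
    return url if scheme in ("http", "https") else "#"


def render_row_safe(finding):
    """'After' form: every field is HTML-encoded, quotes included, so a
    value can neither close the href attribute nor open a new element."""
    def esc(value):
        return html.escape(str(value), quote=True)

    return '<tr><td>{}</td><td><a href="{}">{}</a></td></tr>'.format(
        esc(finding["name"]),
        esc(safe_href(finding["url"])),
        esc(finding["url"]),
    )


if __name__ == "__main__":
    print(render_row_unsafe(FINDING))
    print(render_row_safe(FINDING))
```
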
---
## References
- [Official ReNgine Repository](https://github.com/yogeshojha/rengine)