yogeshojha reNgine
cpe:2.3:a:yogeshojha:rengine:*:*:*:*:*:*:*
- <= 2.20.0
A stored cross-site scripting vulnerability has been identified in reNgine, an automated reconnaissance framework for web applications. This issue is present in the admin panel's user management feature, affecting all versions through 2.20. The vulnerability arises from inadequate input sanitization in the username field, allowing attackers to inject malicious scripts. These scripts are executed when an admin interacts with the affected user entry, posing a significant risk to sensitive administrative functions.
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the admin user. This could lead to theft of session tokens or sensitive information, unauthorized actions performed as the admin, and potentially compromise of the entire application if administrative privileges are escalated.
To reproduce this vulnerability, log into the admin panel and navigate to the 'Add User' section. Enter the required details, and in the username field, inject a script payload, such as an image tag with an 'onerror' event. Once the user is created, go to the user management section, locate the injected user, and attempt to delete them. The injected script will execute, demonstrating the cross-site scripting vulnerability.
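The two controls that close this class of bug, shown as an added example that is not reNgine's own code: an allowlist check when the username is stored, and HTML encoding when the stored value is written into the delete prompt. The function names, the prompt markup and the allowlist (modeled on Django's default username rule) are assumptions; the page does not identify the actual sink in reNgine.

```python
import html
import re

# Assumption: allowlist modeled on Django's default username rule
# (word characters plus @ . + -), capped at 150 characters.
USERNAME_RE = re.compile(r"[\w.@+-]{1,150}")

# Constructed sample of the kind of value the advisory describes
# (an image tag with an onerror handler) stored as a username.
STORED_USERNAME = "<img src=x onerror=alert(1)>"


def validate_username(username: str) -> str:
    """Input-side control: reject anything outside the allowlist before storing."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allowlist")
    return username


def render_delete_prompt_unsafe(username: str) -> str:
    """'Before' form: the stored value is concatenated into markup unchanged."""
    return "<p>Delete user <b>" + username + "</b>?</p>"


def render_delete_prompt(username: str) -> str:
    """Hardened form: HTML-encode the stored value at the point of output."""
    return "<p>Delete user <b>" + html.escape(username, quote=True) + "</b>?</p>"


def contains_live_tag(markup: str, tag: str) -> bool:
    """True if the markup still contains an unescaped opening <tag ...>."""
    return re.search(r"<\s*" + re.escape(tag) + r"\b", markup, re.IGNORECASE) is not None


if __name__ == "__main__":
    for name in ("analyst_01", STORED_USERNAME):
        try:
            validate_username(name)
            print(f"accepted at input: {name!r}")
        except ValueError as exc:
            print(f"rejected at input: {name!r} ({exc})")
    # Output encoding still matters for rows stored before validation existed.
    print("unsafe :", render_delete_prompt_unsafe(STORED_USERNAME))
    print("escaped:", render_delete_prompt(STORED_USERNAME))
```

Output encoding is the control that protects rows already in the database; the input check only stops new ones.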