CVE-2025-61319

Medium CVSS: 6.1

ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can be abused to steal session cookies, perform unauthorized actions, or compromise the ReNgine administrator's account.

Vendor

Yogeshojha

Product

Rengine

CWE

CWE-79

Yayın Tarihi

2025-10-10 14:15:43

Güncelleme

2026-01-16 20:57:05

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Rengine MEDIUM Yogeshojha 2025

Referanslar

https://github.com/AmalJafarzade/CVE-2025-61319/ https://github.com/yogeshojha/rengine

Benzer Kayıtlar

High

CVE-2024-58287

reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that all…

Medium

CVE-2025-24966

reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application imprope…

High

CVE-2025-24967

reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability…

High

CVE-2025-24968

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability al…

High

CVE-2025-24962

reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands v…

High

CVE-2025-24899

reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where…