Stored XSS on Import Targets in yogeshojha/rengine
Apr 27th 2022
Hello, When a XSS payload is used as the Add or Import Targets file name, it executes it hence stored XSS is possible.
Proof of Concept
Name a file <img src=x onerror=alert(document.domain)>.txt
Import the file at /target/add/target
You can see it being executed.