AI Score: 4.8 (Medium), Confidence: High
EPSS: 0.001 (Low), Percentile: 21.9%
enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page.
github.com/enhavo/enhavo/issues/459