azuracast/azuracast is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability exists in main.phtml
because the user display name in the menu is not properly escaped before being rendered, allowing an attacker to inject and execute malicious JavaScript through the display name.