1. Critical Stored XSS in Admin Panel: User Data Rendered via innerHTML Without Escaping
A critical stored cross-site scripting (XSS) vulnerability exists in the administrative interface, allowing an attacker with access to the admin panel to inject malicious JavaScript via user profile fields. The flaw is located in the `templates/users.html` file, where user data such as usernames and emails are rendered...