Product
UserSpice 4.3.24 contains a username enumeration vulnerability: unauthenticated attackers can discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint and checking the response for the string 'taken'.
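
A defender-side check for the behaviour described above, as an added example that is not part of the advisory or of UserSpice's code: it scans web access log lines for bursts of POST requests to existingUsernameCheck.php from a single client. The combined log format, the /app/ path prefix, the addresses, the window and the threshold are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

ENDPOINT = "existingUsernameCheck.php"  # filename named in the advisory
WINDOW = timedelta(seconds=60)          # assumed tuning value
THRESHOLD = 5                           # assumed tuning value

# Combined log format (assumed): ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log: path prefix, addresses and timestamps are made up.
SAMPLE_LOG = [
    f'198.51.100.7 - - [12/Mar/2024:10:00:{s:02d} +0000] '
    f'"POST /app/existingUsernameCheck.php HTTP/1.1" 200 5 "-" "-"'
    for s in range(0, 16, 2)  # 8 checks in 14 seconds from one client
] + [
    '192.0.2.10 - - [12/Mar/2024:10:01:00 +0000] "POST /app/existingUsernameCheck.php HTTP/1.1" 200 9 "-" "-"',
    '192.0.2.10 - - [12/Mar/2024:10:09:30 +0000] "POST /app/existingUsernameCheck.php HTTP/1.1" 200 5 "-" "-"',
    '192.0.2.44 - - [12/Mar/2024:10:02:00 +0000] "GET /app/index.php HTTP/1.1" 200 512 "-" "-"',
]

def find_enumeration(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {client_ip: peak POST count seen inside one window} for clients at or above threshold."""
    recent = defaultdict(deque)  # per-client timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]
        if not path.endswith("/" + ENDPOINT):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop requests older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

if __name__ == "__main__":
    for ip, count in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {count} username checks within {WINDOW.seconds}s")
```

A legitimate registration form may call the same endpoint a few times while a user types, so the threshold needs tuning against normal traffic before alerting on it.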