CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-35984

A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 81.2%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://github.com/r0ck3t1973/rukovoditel/issues/4
https://github.com/r0ck3t1973/rukovoditel/issues/4

Products affected by CVE-2020-35984

Rukovoditel » Rukovoditel » Version: 2.7.2

cpe:2.3:a:rukovoditel:rukovoditel:2.7.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-35984

Products

Pricing

Contact Us