CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-35985

A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.051

EPSS Ranking 89.4%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://github.com/r0ck3t1973/rukovoditel/issues/3
https://github.com/r0ck3t1973/rukovoditel/issues/3

Products affected by CVE-2020-35985

Rukovoditel » Rukovoditel » Version: 2.7.2

cpe:2.3:a:rukovoditel:rukovoditel:2.7.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-35985

Products

Pricing

Contact Us