CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-35986

A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.022

EPSS Ranking 83.8%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://github.com/r0ck3t1973/rukovoditel/issues/2
https://github.com/r0ck3t1973/rukovoditel/issues/2

Products affected by CVE-2020-35986

Rukovoditel » Rukovoditel » Version: 2.7.2

cpe:2.3:a:rukovoditel:rukovoditel:2.7.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-35986

Products

Pricing

Contact Us