CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-35987

A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 81.0%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://github.com/r0ck3t1973/rukovoditel/issues/1
https://github.com/r0ck3t1973/rukovoditel/issues/1

Products affected by CVE-2020-35987

Rukovoditel » Rukovoditel » Version: 2.7.2

cpe:2.3:a:rukovoditel:rukovoditel:2.7.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-35987

Products

Pricing

Contact Us