Rukovoditel Security Vulnerabilities
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2025-12-17
Rukovoditel 3.4.1 contains stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers.
CVSS Score: 4.6
EPSS Score: 0.0
Published: 2025-12-16
Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers.
CVSS Score: 4.6
EPSS Score: 0.0
Published: 2025-12-16
Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2024-05-04
Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.
CVSS Score: 7.1
EPSS Score: 0.012
Published: 2024-05-04
Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.
CVSS Score: 9.8
EPSS Score: 0.069
Published: 2023-01-30
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2022-12-05
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
CVSS Score: 5.4
EPSS Score: 0.011
Published: 2022-12-02
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.
CVSS Score: 9.8
EPSS Score: 0.009
Published: 2022-12-02
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
CVSS Score: 5.4
EPSS Score: 0.011
Published: 2022-12-02

