Rukovoditel: >> Rukovoditel >> 3.2.1 Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add".
CVSS Score
5.4
EPSS Score
0.071
Published
2022-10-28
A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
CVSS Score
5.4
EPSS Score
0.048
Published
2022-10-19
Page 3