Rukovoditel: >> Rukovoditel Security Vulnerabilities
Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-05-04
Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.
CVSS Score
7.1
EPSS Score
0.009
Published
2024-05-04
Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.
CVSS Score
9.8
EPSS Score
0.052
Published
2023-01-30
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-12-05
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
CVSS Score
5.4
EPSS Score
0.011
Published
2022-12-02
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-12-02
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
CVSS Score
5.4
EPSS Score
0.011
Published
2022-12-02
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".
CVSS Score
5.4
EPSS Score
0.011
Published
2022-12-02
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".
CVSS Score
5.4
EPSS Score
0.017
Published
2022-12-02
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.
CVSS Score
5.4
EPSS Score
0.017
Published
2022-12-02
Page 1