Vulnerabilities
Vulnerable Software
Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2024-05-04
Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.
CVSS Score: 7.1; EPSS Score: 0.009; Published: 2024-05-04
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application.
CVSS Score: 5.4; EPSS Score: 0.001; Published: 2021-08-26
Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php.
CVSS Score: 5.4; EPSS Score: 0.001; Published: 2021-08-26
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
CVSS Score: 6.1; EPSS Score: 0.027; Published: 2019-05-07

