Rukovoditel: >> Rukovoditel >> 2.8.3 Security Vulnerabilities
Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-05-04
Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.
CVSS Score
7.1
EPSS Score
0.009
Published
2024-05-04
Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-04-29