Rukovoditel: >> Rukovoditel >> 3.3.1 Security Vulnerabilities
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-12-17
Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-05-04
Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.
CVSS Score
7.1
EPSS Score
0.012
Published
2024-05-04