Vulnerabilities > Rukovoditel

DATE CVE VULNERABILITY TITLE RISK
2021-08-26 CVE-2020-18469 Cross-site Scripting vulnerability in Rukovoditel 2.4.1
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application.
3.5
2021-08-26 CVE-2020-18470 Cross-site Scripting vulnerability in Rukovoditel 2.4.1
Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php.
3.5
2021-08-17 CVE-2020-13588 SQL Injection vulnerability in Rukovoditel 2.7.2
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2.
6.8
2021-08-17 CVE-2020-13589 SQL Injection vulnerability in Rukovoditel 2.7.2
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2.
6.8
2021-07-09 CVE-2020-35984 Cross-site Scripting vulnerability in Rukovoditel 2.7.2
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
3.5
2021-07-09 CVE-2020-35985 Cross-site Scripting vulnerability in Rukovoditel 2.7.2
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
3.5
2021-07-09 CVE-2020-35986 Cross-site Scripting vulnerability in Rukovoditel 2.7.2
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
3.5
2021-07-09 CVE-2020-35987 Cross-site Scripting vulnerability in Rukovoditel 2.7.2
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
3.5
2021-04-29 CVE-2021-30224 Cross-Site Request Forgery (CSRF) vulnerability in Rukovoditel 2.8.3
Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials.
6.8
2021-04-09 CVE-2020-13592 SQL Injection vulnerability in Rukovoditel Project Management 2.7.2
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2.
6.8