Vulnerabilities > Rukovoditel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-02 | CVE-2022-44952 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1 Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. | 5.4 |
| 2022-11-14 | CVE-2022-43288 | SQL Injection vulnerability in Rukovoditel 3.2.1 Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. | 8.8 |
| 2022-10-28 | CVE-2022-43164 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1 A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". | 5.4 |
| 2022-10-28 | CVE-2022-43165 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1 A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". | 5.4 |
| 2022-10-28 | CVE-2022-43166 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1 A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity". | 5.4 |
| 2022-10-28 | CVE-2022-43167 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1 A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". | 5.4 |
| 2022-10-28 | CVE-2022-43168 | SQL Injection vulnerability in Rukovoditel 3.2.1 Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. | 9.8 |
| 2022-10-28 | CVE-2022-43169 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1 A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group". | 5.4 |
| 2022-10-28 | CVE-2022-43170 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1 A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block". | 5.4 |
| 2022-10-19 | CVE-2022-43185 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1 A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | 5.4 |