Vulnerabilities > Rukovoditel > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-02 CVE-2022-44944 Cross-site Scripting vulnerability in Rukovoditel 3.2.1
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24.
network
low complexity
rukovoditel CWE-79
5.4
5.4
2022-12-02 CVE-2022-44946 Cross-site Scripting vulnerability in Rukovoditel 3.2.1
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24.
network
low complexity
rukovoditel CWE-79
5.4
5.4
2022-12-02 CVE-2022-44947 Cross-site Scripting vulnerability in Rukovoditel 3.2.1
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24.
network
low complexity
rukovoditel CWE-79
5.4
5.4
2022-12-02 CVE-2022-44948 Cross-site Scripting vulnerability in Rukovoditel 3.2.1
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups.
network
low complexity
rukovoditel CWE-79
5.4
5.4
2022-12-02 CVE-2022-44949 Cross-site Scripting vulnerability in Rukovoditel 3.2.1
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24.
network
low complexity
rukovoditel CWE-79
5.4
5.4
2022-12-02 CVE-2022-44950 Cross-site Scripting vulnerability in Rukovoditel 3.2.1
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24.
network
low complexity
rukovoditel CWE-79
5.4
5.4
2022-12-02 CVE-2022-44951 Cross-site Scripting vulnerability in Rukovoditel 3.2.1
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24.
network
low complexity
rukovoditel CWE-79
5.4
5.4
2022-12-02 CVE-2022-44952 Cross-site Scripting vulnerability in Rukovoditel 3.2.1
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application.
network
low complexity
rukovoditel CWE-79
5.4
5.4
2022-10-28 CVE-2022-43164 Cross-site Scripting vulnerability in Rukovoditel 3.2.1
A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add".
network
low complexity
rukovoditel CWE-79
5.4
5.4
2022-10-28 CVE-2022-43165 Cross-site Scripting vulnerability in Rukovoditel 3.2.1
A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create".
network
low complexity
rukovoditel CWE-79
5.4
5.4