Vulnerabilities > Rukovoditel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-28 | CVE-2022-43166 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1 A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity". | 5.4 |
| 2022-10-28 | CVE-2022-43167 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1 A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". | 5.4 |
| 2022-10-28 | CVE-2022-43169 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1 A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group". | 5.4 |
| 2022-10-28 | CVE-2022-43170 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1 A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block". | 5.4 |
| 2022-10-19 | CVE-2022-43185 | Cross-site Scripting vulnerability in Rukovoditel 3.2.1 A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | 5.4 |
| 2021-08-26 | CVE-2020-18469 | Cross-site Scripting vulnerability in Rukovoditel 2.4.1 Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application. | 5.4 |
| 2021-08-26 | CVE-2020-18470 | Cross-site Scripting vulnerability in Rukovoditel 2.4.1 Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php. | 5.4 |
| 2021-07-09 | CVE-2020-35984 | Cross-site Scripting vulnerability in Rukovoditel 2.7.2 A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | 5.4 |
| 2021-07-09 | CVE-2020-35985 | Cross-site Scripting vulnerability in Rukovoditel 2.7.2 A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | 5.4 |
| 2021-07-09 | CVE-2020-35986 | Cross-site Scripting vulnerability in Rukovoditel 2.7.2 A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | 5.4 |