Vulnerabilities > Rukovoditel > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-09 | CVE-2020-35987 | Cross-site Scripting vulnerability in Rukovoditel 2.7.2: A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | 5.4 |
2020-09-14 | CVE-2020-21732 | Cross-site Scripting vulnerability in Rukovoditel 2.6: Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). | 6.1 |
2020-04-27 | CVE-2020-11822 | Cross-site Scripting vulnerability in Rukovoditel 2.5.2: In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. | 6.1 |
2020-04-27 | CVE-2020-11821 | Insufficiently Protected Credentials vulnerability in Rukovoditel 2.5.2: In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. | 5.3 |
2020-04-16 | CVE-2020-11813 | Cross-site Scripting vulnerability in Rukovoditel 2.5.2: In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. | 5.4 |
2019-05-07 | CVE-2019-7541 | Cross-site Scripting vulnerability in Rukovoditel: Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. | 6.1 |
2019-02-05 | CVE-2019-7400 | Cross-site Scripting vulnerability in Rukovoditel: Rukovoditel before 2.4.1 allows XSS. | 6.1 |