Vulnerabilities > Rukovoditel > Rukovoditel > 2.7.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-18 | CVE-2020-13590 | SQL Injection vulnerability in Rukovoditel 2.7.2 Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. | 6.5 |
| 2021-08-17 | CVE-2020-13588 | SQL Injection vulnerability in Rukovoditel 2.7.2 An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. | 8.8 |
| 2021-08-17 | CVE-2020-13589 | SQL Injection vulnerability in Rukovoditel 2.7.2 An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. | 8.8 |
| 2021-07-09 | CVE-2020-35984 | Cross-site Scripting vulnerability in Rukovoditel 2.7.2 A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | 3.5 |
| 2021-07-09 | CVE-2020-35985 | Cross-site Scripting vulnerability in Rukovoditel 2.7.2 A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | 3.5 |
| 2021-07-09 | CVE-2020-35986 | Cross-site Scripting vulnerability in Rukovoditel 2.7.2 A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | 3.5 |
| 2021-07-09 | CVE-2020-35987 | Cross-site Scripting vulnerability in Rukovoditel 2.7.2 A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | 3.5 |
| 2021-04-09 | CVE-2020-13592 | SQL Injection vulnerability in Rukovoditel 2.7.2 An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. | 8.8 |
| 2021-04-09 | CVE-2020-13591 | SQL Injection vulnerability in Rukovoditel 2.7.2 An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. | 8.8 |
| 2021-04-09 | CVE-2020-13587 | SQL Injection vulnerability in Rukovoditel 2.7.2 An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. | 8.8 |