Rukovoditel
by Rukovoditel
Source repositories
CVEs (52)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-7541 | Med | 0.43 | 6.1 | 0.03 | May 7, 2019 | Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. | ||
| CVE-2019-7400 | Med | 0.43 | 6.1 | 0.06 | Feb 5, 2019 | Rukovoditel before 2.4.1 allows XSS. | ||
| CVE-2020-21732 | Med | 0.40 | 6.1 | 0.01 | Sep 14, 2020 | Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename. | ||
| CVE-2020-11822 | Med | 0.40 | 6.1 | 0.01 | Apr 27, 2020 | In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data. | ||
| CVE-2022-44952 | Med | 0.35 | 5.4 | 0.01 | Dec 2, 2022 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text… | ||
| CVE-2022-44951 | Med | 0.35 | 5.4 | 0.01 | Dec 2, 2022 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload… | ||
| CVE-2022-44950 | Med | 0.35 | 5.4 | 0.01 | Dec 2, 2022 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload… | ||
| CVE-2022-44949 | Med | 0.35 | 5.4 | 0.01 | Dec 2, 2022 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload… | ||
| CVE-2022-44948 | Med | 0.35 | 5.4 | 0.01 | Dec 2, 2022 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected… | ||
| CVE-2022-44947 | Med | 0.35 | 5.4 | 0.01 | Dec 2, 2022 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted… | ||
| CVE-2022-44946 | Med | 0.35 | 5.4 | 0.01 | Dec 2, 2022 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload… | ||
| CVE-2022-44944 | Med | 0.35 | 5.4 | 0.01 | Dec 2, 2022 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted… | ||
| CVE-2022-43170 | Med | 0.35 | 5.4 | 0.01 | Oct 28, 2022 | A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title… | ||
| CVE-2022-43169 | Med | 0.35 | 5.4 | 0.01 | Oct 28, 2022 | A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter… | ||
| CVE-2022-43167 | Med | 0.35 | 5.4 | 0.01 | Oct 28, 2022 | A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after… | ||
| CVE-2022-43166 | Med | 0.35 | 5.4 | 0.01 | Oct 28, 2022 | A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after… | ||
| CVE-2022-43165 | Med | 0.35 | 5.4 | 0.01 | Oct 28, 2022 | A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after… | ||
| CVE-2022-43164 | Med | 0.35 | 5.4 | 0.01 | Oct 28, 2022 | A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after… | ||
| CVE-2022-43185 | Med | 0.35 | 5.4 | 0.01 | Oct 19, 2022 | A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | ||
| CVE-2020-18470 | Med | 0.35 | 5.4 | 0.01 | Aug 26, 2021 | Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to… |
- risk 0.43cvss 6.1epss 0.03
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
- risk 0.43cvss 6.1epss 0.06
Rukovoditel before 2.4.1 allows XSS.
- risk 0.40cvss 6.1epss 0.01
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.
- risk 0.40cvss 6.1epss 0.01
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data.
- risk 0.35cvss 5.4epss 0.01
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text…
- risk 0.35cvss 5.4epss 0.01
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload…
- risk 0.35cvss 5.4epss 0.01
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload…
- risk 0.35cvss 5.4epss 0.01
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload…
- risk 0.35cvss 5.4epss 0.01
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected…
- risk 0.35cvss 5.4epss 0.01
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted…
- risk 0.35cvss 5.4epss 0.01
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload…
- risk 0.35cvss 5.4epss 0.01
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted…
- risk 0.35cvss 5.4epss 0.01
A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title…
- risk 0.35cvss 5.4epss 0.01
A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter…
- risk 0.35cvss 5.4epss 0.01
A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after…
- risk 0.35cvss 5.4epss 0.01
A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after…
- risk 0.35cvss 5.4epss 0.01
A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after…
- risk 0.35cvss 5.4epss 0.01
A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after…
- risk 0.35cvss 5.4epss 0.01
A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
- risk 0.35cvss 5.4epss 0.01
Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to…
Page 2 of 3