Cross site scripting

2020-04-1619:15:00

PRIOn knowledge base

www.prio-n.com

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users’ valuable data. This copyright text is on every page so this attack vector can be very dangerous.

CPENameOperatorVersion
rukovoditeleq2.5.2

CPE	Name	Operator	Version
	rukovoditel	eq	2.5.2

References

fatihhcelik.blogspot.com/2020/01/rukovoditel-stored-xss.html