The vulnerability of the Configuration/Holidays module in the Rukovoditel customer relationship management system allows a attacker to execute XSS attacks.

The vulnerability of the Configuration/Holidays module in the Rukovoditel customer relationship management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

CVE-2022-43185

A stored cross-site scripting XSS vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...

CVE-2022-43185

A stored cross-site scripting XSS vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...

PT-2022-7193 · Unknown · Rukovoditel

Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A stored cross-site scripting XSS issue in the Configuration/Holidays module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. This can be...