2 matches found
CVE-2022-43166
A stored cross-site scripting XSS vulnerability in the Global Entities feature /index.php?module=entities/entities of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity"...
CVE-2022-43166
CVE-2022-43166 describes a stored XSS in Rukovoditel v3.2.1. The vulnerability is in the Global Entities feature (URL path /index.php?module=entities/entities) and is exploitable by authenticated users via a crafted payload injected into the Name parameter after selecting “Add New Entity.” The un...