3 matches found
CVE-2022-43185
A stored cross-site scripting XSS vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...
CVE-2022-43185
A stored cross-site scripting XSS vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...
CVE-2022-43185
Summary (confirmed details): Rukovoditel version 3.2.1 contains a stored XSS vulnerability in the application that can be triggered via the Name parameter in data-entry workflows. The most concrete reference points to the Global Lists feature (index.php?module=global_lists/lists) where an authent...