5 matches found
CVE-2020-18469
Stored cross-site scripting XSS vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...
CVE-2020-18469
Stored cross-site scripting XSS vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...
CVE-2020-18470
Stored cross-site scripting XSS vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...
CVE-2020-18470
CVE-2020-18470 affects Rukovoditel 2.4.1. It is a stored XSS in the Name of application field on the General Configuration page, exploitable by an authenticated POST to rukovoditel_2.4.1/install/index.php. The vulnerability allows injection of arbitrary script/HTML through a crafted website name....
CVE-2020-18469
Stored cross-site scripting XSS vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...