Lucene search
K

19 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:28 a.m.11 views

CVE-2022-48175

Rukovoditel v3.2.1 was discovered to contain a remote code execution RCE vulnerability in the component /rukovoditel/index.php?module=dashboard/ajaxrequest...

9.8CVSS8.3AI score0.0174EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 12:15 a.m.10 views

CVE-2022-44945

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the headingfieldid parameter...

9.8CVSS8.3AI score0.00894EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:15 a.m.7 views

CVE-2022-44950

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fieldsid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

5.4CVSS5.8AI score0.0094EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:15 a.m.6 views

CVE-2022-44947

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Highlight Row feature at /index.php?module=entities/listingtypesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note fiel...

5.4CVSS5.8AI score0.00964EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:58 p.m.5 views

CVE-2022-43288

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the orderby parameter at /rukovoditel/index.php?module=logs/view=php...

8.8CVSS8.3AI score0.00826EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:36 p.m.8 views

CVE-2022-44946

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Page function at /index.php?module=helppages/pagesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...

5.4CVSS5.8AI score0.01049EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:26 p.m.6 views

CVE-2021-30224

Cross Site Request Forgery CSRF in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials...

8.8CVSS7.2AI score0.00689EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:50 p.m.6 views

CVE-2020-11820

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entitiesid parameter...

9.8CVSS8AI score0.01838EPSS
Exploits1References1
OSV
OSV
added 2022/12/02 8:15 p.m.6 views

CVE-2022-44944

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Announcement function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...

5.4CVSS5.9AI score0.01049EPSS
Exploits1References2
OSV
OSV
added 2022/12/02 8:15 p.m.5 views

CVE-2022-44950

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name...

5.4CVSS5.9AI score0.0094EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/12/02 12:0 a.m.8 views

CVE-2022-44951

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Nam...

5.3AI score0.0094EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/12/02 12:0 a.m.7 views

CVE-2022-44946

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Page function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title fiel...

5.8AI score0.01049EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/12/02 12:0 a.m.3 views

PT-2022-27347 · Unknown · Rukovoditel

Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: The issue is related to a stored cross-site scripting XSS vulnerability in the Entities Group feature at "/index.php?module=entities/entities groups". This allows attackers to execute arbitrary web scrip...

5.4CVSS5.2AI score0.00906EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/12/02 12:0 a.m.5 views

PT-2022-27345 · Unknown · Rukovoditel

Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: The issue is related to a stored cross-site scripting XSS vulnerability in the Add Page function at "/index.php?module=help pages/pages&entities id=24". This allows attackers to execute arbitrary web...

5.4CVSS5.3AI score0.01049EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.2 views

PT-2022-26830 · Unknown · Rukovoditel

Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A SQL injection issue was found in Rukovoditel via the order by parameter at the "/rukovoditel/index.php?module=logs/view&type=php" endpoint. This allows for potential SQL injection attacks...

8.8CVSS7.6AI score0.00826EPSS
Exploits1References4
OSV
OSV
added 2022/10/28 5:15 p.m.3 views

CVE-2022-43169

A stored cross-site scripting XSS vulnerability in the Users Access Groups feature /index.php?module=usersgroups/usersgroups of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New...

5.4CVSS5.9AI score0.00874EPSS
Exploits1References1
OSV
OSV
added 2022/10/28 5:15 p.m.3 views

CVE-2022-43166

A stored cross-site scripting XSS vulnerability in the Global Entities feature /index.php?module=entities/entities of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity"...

5.4CVSS5.9AI score0.00874EPSS
Exploits1References1
CNVD
CNVD
added 2020/04/28 12:0 a.m.1 views

Unspecified Vulnerability in Rukovoditel

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management , customer relationship management and other functions . A security vulnerability exists in Rukovoditel version 2.5.2, which stems from the program storing user...

5.3CVSS6.9AI score0.01103EPSS
Exploits1References1
OSV
OSV
added 2020/04/27 3:15 p.m.2 views

CVE-2020-11821

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them...

5.3CVSS6.1AI score0.01103EPSS
Exploits1References1
Rows per page
Query Builder