5 matches found
CVE-2022-44945
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the headingfieldid parameter...
CVE-2022-44946
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Page function at /index.php?module=helppages/pagesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...
CVE-2022-44946
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Page function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title fiel...
PT-2022-27345 · Unknown · Rukovoditel
Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: The issue is related to a stored cross-site scripting XSS vulnerability in the Add Page function at "/index.php?module=help pages/pages&entities id=24". This allows attackers to execute arbitrary web...
PT-2022-26830 · Unknown · Rukovoditel
Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A SQL injection issue was found in Rukovoditel via the order by parameter at the "/rukovoditel/index.php?module=logs/view&type=php" endpoint. This allows for potential SQL injection attacks...