36 matches found
CVE-2023-53913
CVE-2023-53913 affects Rukovoditel 3.3.1. A CSV injection vulnerability arises from improper cleaning of the firstname field, allowing authenticated users to inject formulas like “=calc|a!z|” that can trigger code execution when an admin exports customer data as CSV. The root cause is user-suppli...
EUVD-2018-12734
Malware in sbrugna...
EUVD-2019-16942
Malware in sbrugna...
EUVD-2020-10394
Malware in sbrugna...
EUVD-2020-4157
Malware in sbrugna...
EUVD-2020-23568
Malware in sbrugna...
EUVD-2022-47873
Malicious code in bioql PyPI...
EUVD-2022-47871
Malicious code in bioql PyPI...
EUVD-2022-47877
Malicious code in bioql PyPI...
EUVD-2022-46211
Malicious code in bioql PyPI...
EUVD-2022-47876
Malicious code in bioql PyPI...
EUVD-2022-46229
Malicious code in bioql PyPI...
CVE-2022-43169
A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature /index.php?module=usersgroups/usersgroups of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New...
CVE-2022-44948
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at /index.php?module=entities/entitiesgroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2022-43185
A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...
CVE-2022-43165
A stored cross-site scripting (XSS) vulnerability in the Global Variables feature /index.php?module=globalvars/vars of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create"...
CVE-2022-43166
A stored cross-site scripting (XSS) vulnerability in the Global Entities feature /index.php?module=entities/entities of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity"...
CVE-2020-35984
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter...
CVE-2020-35985
A stored cross site scripting (XSS) vulnerability in the 'Global Lists' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter...
CVE-2020-11819
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution...