2 matches found
EUVD-2026-21682
A pre-authenticated reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zdecho' GET parameter into the HTTP response without proper...
PT-2026-32121
A reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zd echo' GET parameter into the HTTP response without proper...