Rukovoditel@2.7.2 Security Vulnerabilities and Issues — Rukovoditel@2.7.2 CVE List

Lucene search

RukovoditelRukovoditel2.7.2

10 matches found

CVE•added 2021/07/09 10:15 p.m.•82 views

CVE-2020-35985

A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.

5.4CVSS5.2AI score0.05134EPSS

CVE•added 2021/07/09 10:15 p.m.•80 views

CVE-2020-35987

A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.

5.4CVSS5.2AI score0.01614EPSS

CVE•added 2021/07/09 10:15 p.m.•73 views

CVE-2020-35986

A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.

5.4CVSS5.2AI score0.02223EPSS

CVE•added 2021/08/17 8:15 p.m.•71 views

CVE-2020-13588

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this v...

8.8CVSS8.8AI score0.00719EPSS

CVE•added 2021/07/09 10:15 p.m.•70 views

CVE-2020-35984

A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.

5.4CVSS5.2AI score0.01648EPSS

CVE•added 2021/08/17 8:15 p.m.•62 views

CVE-2020-13589

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit or copy_selected or export function) is vulnerable to authenticated SQL injection. An attacker can m...

8.8CVSS8.8AI score0.00719EPSS

CVE•added 2021/04/09 6:15 p.m.•57 views

CVE-2020-13587

An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done ei...

8.8CVSS8.8AI score0.04422EPSS

CVE•added 2021/04/09 6:15 p.m.•55 views

CVE-2020-13592

An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either wit...

8.8CVSS8.8AI score0.0393EPSS

CVE•added 2021/04/09 6:15 p.m.•49 views

CVE-2020-13591

An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done eit...

8.8CVSS8.8AI score0.03703EPSS

CVE•added 2022/04/18 5:15 p.m.•39 views

CVE-2020-13590

Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done eit...

7.2CVSS7.8AI score0.00918EPSS