Rukovoditel Security Vulnerabilities and Issues — Rukovoditel CVE List

Lucene search

RukovoditelRukovoditel

8 matches found

CVE•added 2022/10/28 5:15 p.m.•62 views

CVE-2022-43169

A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add...

5.4CVSS5.1AI score0.06371EPSS

CVE•added 2022/10/28 5:15 p.m.•57 views

CVE-2022-43166

A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity"...

5.4CVSS5.1AI score0.06371EPSS

CVE•added 2022/10/28 5:15 p.m.•55 views

CVE-2022-43165

A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create".

5.4CVSS5.1AI score0.05356EPSS

CVE•added 2022/10/28 5:15 p.m.•54 views

CVE-2022-43167

A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add".

5.4CVSS5.1AI score0.07094EPSS

CVE•added 2022/10/19 2:15 p.m.•54 views

CVE-2022-43185

A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.

5.4CVSS5.2AI score0.04806EPSS

CVE•added 2022/10/28 5:15 p.m.•51 views

CVE-2022-43168

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter.

9.8CVSS9.7AI score0.00313EPSS

CVE•added 2022/10/28 5:15 p.m.•51 views

CVE-2022-43170

A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking ...

5.4CVSS5.1AI score0.06535EPSS

CVE•added 2022/10/28 5:15 p.m.•43 views

CVE-2022-43164

A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add".

5.4CVSS5.1AI score0.07099EPSS