5 matches found
CVE-2019-7400
Rukovoditel before 2.4.1 allows XSS.
CVE-2019-7541
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
CVE-2024-34468
Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.
CVE-2020-21732
Rukovoditel Project Management app 2.6 is affected by cross-site scripting (XSS): an attacker can add JavaScript code to the filename.
CVE-2020-11822
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure > user access groups page. An attacker can therefore inject a malicious script to steal all users' valuable data.