Filtered by vendor Rukovoditel
Subscribe
Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34468 | 1 Rukovoditel | 1 Rukovoditel | 2025-06-17 | N/A | 6.1 MEDIUM |
| Rukovoditel before 3.5.3 allows XSS via user_photo to My Page. | |||||
| CVE-2024-34469 | 1 Rukovoditel | 1 Rukovoditel | 2025-06-17 | N/A | 7.1 HIGH |
| Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save. | |||||
| CVE-2022-43185 | 1 Rukovoditel | 1 Rukovoditel | 2025-05-08 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | |||||
| CVE-2022-43169 | 1 Rukovoditel | 1 Rukovoditel | 2025-05-08 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group". | |||||
| CVE-2022-43168 | 1 Rukovoditel | 1 Rukovoditel | 2025-05-08 | N/A | 9.8 CRITICAL |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. | |||||
| CVE-2022-43167 | 1 Rukovoditel | 1 Rukovoditel | 2025-05-08 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". | |||||
| CVE-2022-43166 | 1 Rukovoditel | 1 Rukovoditel | 2025-05-08 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity". | |||||
| CVE-2022-43165 | 1 Rukovoditel | 1 Rukovoditel | 2025-05-08 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". | |||||
| CVE-2022-43164 | 1 Rukovoditel | 1 Rukovoditel | 2025-05-08 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". | |||||
| CVE-2022-43170 | 1 Rukovoditel | 1 Rukovoditel | 2025-05-07 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block". | |||||
| CVE-2022-43288 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-30 | N/A | 8.8 HIGH |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. | |||||
| CVE-2022-45020 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 8.8 HIGH |
| Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2022-48175 | 1 Rukovoditel | 1 Rukovoditel | 2025-03-28 | N/A | 9.8 CRITICAL |
| Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. | |||||
| CVE-2021-30224 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials. | |||||
| CVE-2020-35987 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | |||||
| CVE-2020-35986 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | |||||
| CVE-2020-35985 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | |||||
| CVE-2020-35984 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | |||||
| CVE-2020-21732 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename. | |||||
| CVE-2020-18470 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php. | |||||