Filtered by vendor Rukovoditel
Subscribe
Total
38 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48175 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | N/A | 9.8 CRITICAL |
| Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. | |||||
| CVE-2022-45020 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | N/A | 8.8 HIGH |
| Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2022-43288 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | N/A | 8.8 HIGH |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. | |||||
| CVE-2022-43185 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | |||||
| CVE-2022-43170 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block". | |||||
| CVE-2022-43169 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group". | |||||
| CVE-2022-43168 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | N/A | 9.8 CRITICAL |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. | |||||
| CVE-2022-43167 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". | |||||
| CVE-2022-43166 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity". | |||||
| CVE-2022-43165 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". | |||||
| CVE-2022-43164 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". | |||||
| CVE-2021-30224 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials. | |||||
| CVE-2020-35987 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | |||||
| CVE-2020-35986 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | |||||
| CVE-2020-35985 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | |||||
| CVE-2020-35984 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | |||||
| CVE-2020-21732 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename. | |||||
| CVE-2020-18470 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php. | |||||
| CVE-2020-18469 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application. | |||||
| CVE-2020-13592 | 1 Rukovoditel | 1 Project Management | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | |||||