Vulnerabilities (CVE)

Filtered by vendor Rukovoditel
Filtered by product Rukovoditel
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2020-18469 | 1 Rukovoditel | 1 Rukovoditel | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application.
CVE-2020-18470 | 1 Rukovoditel | 1 Rukovoditel | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM
Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php.
CVE-2020-11821 | 1 Rukovoditel | 1 Rukovoditel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.
CVE-2020-21732 | 1 Rukovoditel | 1 Rukovoditel | 2020-09-17 | 4.3 MEDIUM | 6.1 MEDIUM
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.
CVE-2020-11822 | 1 Rukovoditel | 1 Rukovoditel | 2020-05-04 | 4.3 MEDIUM | 6.1 MEDIUM
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject a malicious script to steal all users' valuable data.
CVE-2020-11813 | 1 Rukovoditel | 1 Rukovoditel | 2020-04-23 | 3.5 LOW | 5.4 MEDIUM
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page, so this attack vector can be very dangerous.
CVE-2019-7541 | 1 Rukovoditel | 1 Rukovoditel | 2019-05-08 | 4.3 MEDIUM | 6.1 MEDIUM
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
CVE-2019-7400 | 1 Rukovoditel | 1 Rukovoditel | 2019-04-01 | 4.3 MEDIUM | 6.1 MEDIUM
Rukovoditel before 2.4.1 allows XSS.