Description Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. Remediation References CVE-2019-7541 Related Vulnerabilities Drupal Core 5.x Session Fixation (5.0 - 5.8) Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-19998) Oracle JRE CVE-2013-2424 Vulnerability (CVE-2013-2424) Varnish Cache Other Vulnerability (CVE-2013-4090) WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Cross-Site Scripting (7.1.13) Severity Medium Classification CVE-2019-7541 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities