Description
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
Remediation
References
Related Vulnerabilities
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2017-3169)
WordPress Plugin Taxonomy Images Multiple Unspecified Vulnerabilities (0.6)
Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1999044)
WordPress Plugin WordPress WP-Advanced-Search SQL Injection (3.3.6)
Liferay Portal Missing Authorization Vulnerability (CVE-2023-33948)