Description

Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application.

Remediation

References

CVE-2020-18469

Related Vulnerabilities

easyXDM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-27739)

WordPress Plugin Stockists Manager for Woocommerce Cross-Site Request Forgery (1.0.2.1)

WordPress Plugin Login with phone number Cross-Site Scripting (1.4.1)

Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2022-42130)

WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.10.3)

Severity

Medium

Classification

CVE-2020-18469 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities