Description
A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add".
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Symposium Arbitrary File Upload (14.11)
WordPress Plugin Xhanch-My Twitter Multiple Cross-Site Request Forgery Vulnerabilities (2.7.7)
MySQL CVE-2021-35602 Vulnerability (CVE-2021-35602)
XWiki Other Vulnerability (CVE-2022-36090)
Oracle Database Server CVE-2015-4873 Vulnerability (CVE-2015-4873)