Description

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.

Remediation

References

CVE-2022-44946

Related Vulnerabilities

ownCloud Files or Directories Accessible to External Parties Vulnerability (CVE-2015-4715)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29051)

WordPress Plugin WP Font Awesome Cross-Site Scripting (1.7.8)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-12167)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-0211)

Severity

Medium

Classification

CVE-2022-44946 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities