Description
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".