Description
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.