Description
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add".
Remediation
References
Related Vulnerabilities
Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3790)
WordPress Plugin Cooked-Recipe Cross-Site Scripting (1.7.9)
Tornado Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2014-9720)
Apache Tomcat Other Vulnerability (CVE-2001-1563)
WordPress Plugin One Click Upsell Funnel for WooCommerce Unspecified Vulnerability (2.0.0)