CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44948
https://notcve.org/view.php?id=CVE-2022-44948
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add". Se descubrió que Rukovoditel v3.2.1 contiene una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en la función Entities Group at/index.php?module=entities/entities_groups. • http://rukovoditel.com https://github.com/anhdq201/rukovoditel/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44945
https://notcve.org/view.php?id=CVE-2022-44945
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. Se descubrió que Rukovoditel v3.2.1 contiene una vulnerabilidad de inyección SQL a través del parámetro header_field_id. • http://rukovoditel.com https://github.com/anhdq201/rukovoditel/issues/16 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44950
https://notcve.org/view.php?id=CVE-2022-44950
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Se descubrió que Rukovoditel v3.2.1 contiene una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en la función Agregar nuevo campo en /index.php?module=entities/fields&entities_id=24. • http://rukovoditel.com https://github.com/anhdq201/rukovoditel/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 5%CPEs: 1EXPL: 1CVE-2022-44952
https://notcve.org/view.php?id=CVE-2022-44952
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add". Se descubrió que Rukovoditel v3.2.1 contenía una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en /index.php?module=configuration/application. • http://rukovoditel.com https://github.com/anhdq201/rukovoditel/issues/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44947
https://notcve.org/view.php?id=CVE-2022-44947
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add". Se descubrió que Rukovoditel v3.2.1 contenía una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en la función Resaltar fila en /index.php?module=entities/listing_types&entities_id=24. • http://rukovoditel.com https://github.com/anhdq201/rukovoditel/issues/13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •