CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44949
https://notcve.org/view.php?id=CVE-2022-44949
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field. Se descubrió que Rukovoditel v3.2.1 contiene una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en la función Agregar nuevo campo en /index.php?module=entities/fields&entities_id=24. • http://rukovoditel.com https://github.com/anhdq201/rukovoditel/issues/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43288
https://notcve.org/view.php?id=CVE-2022-43288
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. Se descubrió que Rukovoditel v3.2.1 contiene una vulnerabilidad de inyección SQL a través del parámetro order_by en /rukovoditel/index.php?module=logs/view&type=php. • https://github.com/Kubozz/rukovoditel-3.2.1/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43165
https://notcve.org/view.php?id=CVE-2022-43165
A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". Una vulnerabilidad de Stored Cross-Site Scripting (XSS) en la función Variables globales (/index.php?module=global_vars/vars) de Rukovoditel v3.2.1 permite a atacantes autenticados ejecutar scripts web o HTML de su elección a través de un payload manipulado inyectado en el valor. parámetro después de hacer clic en ""Crear"". • https://github.com/anhdq201/rukovoditel/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43164
https://notcve.org/view.php?id=CVE-2022-43164
A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". Una vulnerabilidad de Stored Cross-Site Scripting (XSS) en la función Listas globales (/index.php?module=global_lists/lists) de Rukovoditel v3.2.1 permite a atacantes autenticados ejecutar scripts web o HTML de su elección a través de un payload manipulado inyectado en el Name parámetro después de hacer clic en ""Agregar"". • https://github.com/anhdq201/rukovoditel/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43167
https://notcve.org/view.php?id=CVE-2022-43167
A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". Una vulnerabilidad de Stored Cross-Site Scripting (XSS) en la función Alertas de usuarios (/index.php?module=users_alerts/users_alerts) de Rukovoditel v3.2.1 permite a atacantes autenticados ejecutar scrpts web o HTML de su elección a través de un payload manipulado inyectado en el título. parámetro después de hacer clic en ""Agregar"". • https://github.com/anhdq201/rukovoditel/issues/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •