CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-48175
https://notcve.org/view.php?id=CVE-2022-48175
Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. • https://github.com/y1s3m0/vulnfind/blob/main/rukovoditel/rce_ajax_request.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45020
https://notcve.org/view.php?id=CVE-2022-45020
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. Se descubrió que Rukovoditel v3.2.1 contiene una vulnerabilidad de Cross-Site Scripting (XSS) basada en DOM en el componente /rukovoditel/index.php?module=users/login. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rukovoditel.net/2022/rukovoditel-3.2.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44944
https://notcve.org/view.php?id=CVE-2022-44944
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. Se descubrió que Rukovoditel v3.2.1 contiene una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en la función Agregar anuncio en /index.php?module=help_pages/pages&entities_id=24. • http://rukovoditel.com https://github.com/anhdq201/rukovoditel/issues/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44946
https://notcve.org/view.php?id=CVE-2022-44946
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. Se descubrió que Rukovoditel v3.2.1 contiene una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en la función Agregar página en /index.php?module=help_pages/pages&entities_id=24. • http://rukovoditel.com https://github.com/anhdq201/rukovoditel/issues/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44951
https://notcve.org/view.php?id=CVE-2022-44951
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Se descubrió que Rukovoditel v3.2.1 contiene una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en la función de la pestaña Agregar nuevo formulario en /index.php?module=entities/forms&entities_id=24. • http://rukovoditel.com https://github.com/anhdq201/rukovoditel/issues/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •