Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Rukovoditel Cross-site Scripting (XSS) Vulnerability (CVE-2019-7541)

Description

Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.

Remediation

References

Related Vulnerabilities

WordPress Plugin Contact Form by WPForms-Drag & Drop Form Builder for WordPress Directory Traversal (1.7.5.3)

WordPress Plugin Absolute Reviews Cross-Site Request Forgery (1.0.8)

MySQL CVE-2013-2392 Vulnerability (CVE-2013-2392)

WordPress Plugin All 404 Redirect to Homepage Cross-Site Scripting (1.20)

Chamilo Missing Authorization Vulnerability (CVE-2025-59544)

Severity

Medium

Classification

CVE-2019-7541 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities