Description
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application.
Remediation
References
Related Vulnerabilities
WordPress Plugin Form Vibes-Database Manager for Forms Unspecified Vulnerability (1.4.2)
WordPress Plugin Responsive Gallery Grid Cross-Site Scripting (2.3.8)
Oracle Database Server CVE-2012-1708 Vulnerability (CVE-2012-1708)
WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (32.0.6)
WordPress Plugin WP Ad Guru Lite Cross-Site Scripting (1.6.0)