Description
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Symposium Toolbar Unspecified Vulnerability (0.26.0)
WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.23)
MySQL CVE-2019-2533 Vulnerability (CVE-2019-2533)
WordPress Plugin WPFront Notification Bar Cross-Site Scripting (1.9.1.04012)