Description
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Remediation
References
Related Vulnerabilities
OpenVPN AS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2061)
SharePoint Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-49704)
TYPO3 Improper Authentication Vulnerability (CVE-2015-2047)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3579)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-1501)