Description
A stored cross-site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.