Description
A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add".
Remediation
References
Related Vulnerabilities
Dolibarr Inadequate Encryption Strength Vulnerability (CVE-2017-7888)
Ampache Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-3929)
MyBB Improper Input Validation Vulnerability (CVE-2016-9420)
Oracle JRE CVE-2014-2402 Vulnerability (CVE-2014-2402)
WordPress Plugin WP Forum Server Cross-Site Scripting and SQL Injection Vulnerabilities (1.7.3)