Description
A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group".
Remediation
References
Related Vulnerabilities
WordPress Plugin Akeeba Backup CORE for WordPress Arbitrary File Upload (1.1.3)
Oracle HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)
WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (6.1.5)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3057)