Description
A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Invite Anyone PHP Object Injection (1.3.18)
SharePoint Improper Authentication Vulnerability (CVE-2025-49706)
WordPress Plugin Discounts Manager for Products Cross-Site Scripting (3.4.4)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2044)
MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1581)