Description
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.
Remediation
References
Related Vulnerabilities
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.68)
OpenSSL Integer Overflow or Wraparound Vulnerability (CVE-2016-2177)
PHP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2023-3823)
Moodle Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-14322)
Oracle Application Server CVE-2008-2593 Vulnerability (CVE-2008-2593)