Description
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP eCommerce SQL Injection (3.11.3)
Joomla! Core 3.0.x Clickjacking Vulnerability (3.0.0 - 3.0.1)
Envoy Proxy Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-18836)
WordPress Plugin Social Login Lite For WooCommerce Security Bypass (1.6.0)
WordPress Plugin WP Ultimate Exporter Cross-Site Scripting (1.0)