Description
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add".
Remediation
References
Related Vulnerabilities
WordPress Plugin Digg Digg Cross-Site Request Forgery (5.3.4)
WordPress Plugin Hide My WP Cross-Site Scripting (4.53)
WordPress Plugin OneLogin SAML SSO Security Bypass (2.2.0)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6212)
WordPress Plugin WP EasyPay-Square for WordPress Cross-Site Request Forgery (3.2.0)