Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-53898)

Description

Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers.

Remediation

References

Related Vulnerabilities

WordPress Plugin Two-Factor Authentication-Clockwork SMS Cross-Site Scripting (1.0.3)

MediaWiki remote code execution

Oracle JRE CVE-2013-2465 Vulnerability (CVE-2013-2465)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-5539)

Apache Tomcat Other Vulnerability (CVE-2007-2449)

Severity

Medium

Classification

CVE-2023-53898 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities