Description
Rukovoditel 2.5.2 has a stored XSS vulnerability on the configuration page, in the copyright text input. An attacker can inject a malicious script through this field to steal all users' valuable data. Because the copyright text appears on every page, this attack vector can be very dangerous.
Remediation
References