Description
A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
Remediation
References
Related Vulnerabilities
Moodle Improper Input Validation Vulnerability (CVE-2009-1171)
Coppermine Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7186)
Werkzeug WSGI URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-28724)
Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922)