Description
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
Remediation
References
Related Vulnerabilities
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-5674)
WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Cross-Site Request Forgery (2.0.1.6)
Oracle JRE CVE-2013-5803 Vulnerability (CVE-2013-5803)
WordPress Insecure Default Initialization of Resource Vulnerability (CVE-2017-5491)