Filtered by vendor Rukovoditel
Subscriptions
Filtered by product Rukovoditel
Subscriptions
Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43288 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-30 | 8.8 High |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. | ||||
| CVE-2022-44952 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 5.4 Medium |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add". | ||||
| CVE-2022-44951 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 5.4 Medium |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2022-44944 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 5.4 Medium |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | ||||
| CVE-2022-45020 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 8.8 High |
| Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | ||||
| CVE-2022-44950 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 5.4 Medium |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2022-44949 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 5.4 Medium |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field. | ||||
| CVE-2022-44948 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 5.4 Medium |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add". | ||||
| CVE-2022-44947 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 5.4 Medium |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add". | ||||
| CVE-2022-44946 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 5.4 Medium |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | ||||
| CVE-2022-44945 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 9.8 Critical |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. | ||||
| CVE-2020-13590 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-15 | 7.2 High |
| Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery. | ||||
| CVE-2022-48175 | 1 Rukovoditel | 1 Rukovoditel | 2025-03-28 | 9.8 Critical |
| Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. | ||||
| CVE-2022-43185 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | ||||
| CVE-2022-43170 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block". | ||||
| CVE-2022-43169 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group". | ||||
| CVE-2022-43168 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 9.8 Critical |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. | ||||
| CVE-2022-43167 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". | ||||
| CVE-2022-43166 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity". | ||||
| CVE-2022-43165 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". | ||||