Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rukovoditel vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-35984
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
Rukovoditel Rukovoditel 2.7.2
5.4
CVSSv3
CVE-2020-35985
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Rukovoditel Rukovoditel 2.7.2
5.4
CVSSv3
CVE-2020-35987
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Rukovoditel Rukovoditel 2.7.2
5.4
CVSSv3
CVE-2020-11813
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangero...
Rukovoditel Rukovoditel 2.5.2
9.8
CVSSv3
CVE-2020-11815
In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting.
Rukovoditel Rukovoditel 2.5.2
9.8
CVSSv3
CVE-2020-11817
In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs with the Maintenance Mode setting.
Rukovoditel Rukovoditel 2.5.2
8.8
CVSSv3
CVE-2020-11818
In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges.
Rukovoditel Rukovoditel 2.5.2
9.8
CVSSv3
CVE-2020-11820
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter.
Rukovoditel Rukovoditel 2.5.2
6.1
CVSSv3
CVE-2020-11822
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data.
Rukovoditel Rukovoditel 2.5.2
8.8
CVSSv3
CVE-2020-13592
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Rukovoditel Rukovoditel 2.7.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »