Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rukovoditel rukovoditel 2.4.1 |