Rukovoditel prior to 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.
CVE-2024-34469
CVE-2024-34469 CVE-2024-34469