First published: Thu Apr 16 2020
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangerous.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Rukovoditel Rukovoditel | =2.5.2 | |
The vulnerability ID for this Rukovoditel version 2.5.2 issue is CVE-2020-11813.
The severity of the CVE-2020-11813 vulnerability is medium with a CVSS score of 5.4.
The stored XSS vulnerability in Rukovoditel 2.5.2 allows an attacker to inject a malicious script through the copyright text input on the configuration page, potentially leading to data theft.
The CVE-2020-11813 vulnerability affects Rukovoditel version 2.5.2.
Yes, the stored XSS vulnerability in Rukovoditel 2.5.2 is dangerous as it can be exploited to steal valuable data from users.
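The pattern behind this class of bug, shown as an added example that is not Rukovoditel's code: a stored site-wide setting written into every page without output encoding, next to the encoded form and a validation check applied when the setting is saved. All function names and sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from Rukovoditel.

// Vulnerable pattern: the stored setting is concatenated into the page as-is,
// so any markup an administrator-level form accepted is rendered for every user.
function render_footer_unsafe(string $copyrightText): string
{
    return '<div id="footer">' . $copyrightText . '</div>';
}

// Hardened pattern: encode on output so markup in the setting becomes inert text.
function render_footer_safe(string $copyrightText): string
{
    $encoded = htmlspecialchars($copyrightText, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div id="footer">' . $encoded . '</div>';
}

// Defence in depth at save time: reject values that are too long (in bytes),
// contain HTML markup, or contain control characters.
function validate_copyright_setting(string $value, int $maxBytes = 200): array
{
    $errors = [];
    if (strlen($value) > $maxBytes) {
        $errors[] = 'too long';
    }
    if ($value !== strip_tags($value)) {
        $errors[] = 'contains HTML markup';
    }
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $value) === 1) {
        $errors[] = 'contains control characters';
    }
    return $errors;
}

// Constructed sample inputs: one benign value, one carrying a script element.
$samples = [
    '© 2020 Example Corp',
    'Example <script>alert(1)</script>',
];
foreach ($samples as $s) {
    printf("input:  %s\n", $s);
    printf("unsafe: %s\n", render_footer_unsafe($s));
    printf("safe:   %s\n", render_footer_safe($s));
    printf("errors: %s\n\n", implode(', ', validate_copyright_setting($s)) ?: 'none');
}
```

Output encoding is the control that matters here, because it also neutralises values already stored before validation was added; the save-time check only keeps new markup out of the setting.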