CVE-2020-11813: XSS
First published: Thu Apr 16 2020(Updated: )
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangerous.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rukovoditel Rukovoditel | =2.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Rukovoditel version 2.5.2 issue?
The vulnerability ID for this Rukovoditel version 2.5.2 issue is CVE-2020-11813.
What is the severity of the CVE-2020-11813 vulnerability?
The severity of the CVE-2020-11813 vulnerability is medium with a CVSS score of 5.4.
How does the stored XSS vulnerability in Rukovoditel 2.5.2 work?
The stored XSS vulnerability in Rukovoditel 2.5.2 allows an attacker to inject a malicious script through the copyright text input on the configuration page, potentially leading to data theft.
What software version is affected by the CVE-2020-11813 vulnerability?
The CVE-2020-11813 vulnerability affects Rukovoditel version 2.5.2.
Is the stored XSS vulnerability in Rukovoditel 2.5.2 dangerous?
Yes, the stored XSS vulnerability in Rukovoditel 2.5.2 is dangerous as it can be exploited to steal valuable data from users.
- collector/nvd-index
- vendor/rukovoditel
- canonical/rukovoditel rukovoditel
- version/rukovoditel rukovoditel/2.5.2