First published: Thu Aug 26 2021
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Rukovoditel Rukovoditel | =2.4.1 | |
CVE-2020-18469 is a stored cross-site scripting (XSS) vulnerability found in the Copyright Text field in Rukovoditel 2.4.1.
CVE-2020-18469 allows remote attackers to inject arbitrary web script or HTML by submitting a crafted website name using an authenticated POST HTTP request to /rukovo.
The severity of CVE-2020-18469 is medium, with a severity value of 5.4.
To fix CVE-2020-18469, update Rukovoditel to a version that addresses the vulnerability.
CWE-79 is the Common Weakness Enumeration entry for cross-site scripting (XSS) vulnerabilities.