CVE-2020-18469: XSS
First published: Thu Aug 26 2021(Updated: )
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rukovoditel Rukovoditel | =2.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-18469?
CVE-2020-18469 is a stored cross-site scripting (XSS) vulnerability found in the Copyright Text field in Rukovoditel 2.4.1.
How does CVE-2020-18469 affect Rukovoditel 2.4.1?
CVE-2020-18469 allows remote attackers to inject arbitrary web script or HTML by submitting a crafted website name using an authenticated POST HTTP request to /rukovo.
What is the severity of CVE-2020-18469?
The severity of CVE-2020-18469 is medium, with a severity value of 5.4.
How can I fix CVE-2020-18469?
To fix CVE-2020-18469, update Rukovoditel to a version that addresses the vulnerability.
What is CWE-79?
CWE-79 is a common weakness enumeration referring to cross-site scripting (XSS) vulnerabilities.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/rukovoditel
- canonical/rukovoditel rukovoditel
- version/rukovoditel rukovoditel/2.4.1