First published: Fri Jul 09 2021(Updated: )
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Rukovoditel Rukovoditel | =2.7.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-35985.
The severity of CVE-2020-35985 is medium with a CVSS score of 5.4.
Rukovoditel version 2.7.2 is affected by CVE-2020-35985.
CVE-2020-35985 is a stored cross-site scripting (XSS) vulnerability where authenticated attackers can execute arbitrary web scripts or HTML by manipulating the 'Name' parameter in the 'Global Lists' feature of Rukovoditel 2.7.2.
At the moment, there is no known fix available for CVE-2020-35985. It is recommended to follow the vendor's advisory for any updates or patches.