CVE-2022-43166: XSS
First published: Fri Oct 28 2022(Updated: )
A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity".
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rukovoditel Rukovoditel | =3.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID is CVE-2022-43166.
What is the severity of CVE-2022-43166?
The severity of CVE-2022-43166 is medium.
What is the affected software?
The affected software is Rukovoditel v3.2.1.
How does the vulnerability work?
The vulnerability allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking 'Add New Entity' in the Global Entities feature.
Is there a fix available for CVE-2022-43166?
At the moment, there is no known fix available for CVE-2022-43166, but it is recommended to update to the latest version of Rukovoditel and follow any patches or security advisories from the vendor.
- collector/nvd-index
- vendor/rukovoditel
- canonical/rukovoditel rukovoditel
- version/rukovoditel rukovoditel/3.2.1