First published: Wed Oct 19 2022(Updated: )
A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Rukovoditel Rukovoditel | =3.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this vulnerability is CVE-2022-43185.
The severity of CVE-2022-43185 is medium.
The affected software of CVE-2022-43185 is Rukovoditel v3.2.1.
An attacker can exploit CVE-2022-43185 by injecting a crafted payload into the Name parameter of the Configuration/Holidays module in Rukovoditel v3.2.1.
Yes, a fix is available for CVE-2022-43185. It is recommended to update to the latest version of Rukovoditel to mitigate this vulnerability.