Rukovoditel

Rukovoditel

52 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-53913

Exploit
  • EPSS 0.16%
  • Veröffentlicht 17.12.2025 22:44:48
  • Zuletzt bearbeitet 24.12.2025 17:55:18

Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data...

5.4

CVE-2023-53898

Exploit
  • EPSS 0.04%
  • Veröffentlicht 16.12.2025 17:03:46
  • Zuletzt bearbeitet 27.12.2025 17:15:42

Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in ...

5.4

CVE-2023-53897

Exploit
  • EPSS 0.04%
  • Veröffentlicht 16.12.2025 17:03:46
  • Zuletzt bearbeitet 27.12.2025 17:15:42

Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim brows...

7.1

CVE-2024-34469

Exploit
  • EPSS 1.17%
  • Veröffentlicht 04.05.2024 20:15:07
  • Zuletzt bearbeitet 17.06.2025 14:57:03

Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.

6.1

CVE-2024-34468

Exploit
  • EPSS 0.47%
  • Veröffentlicht 04.05.2024 20:15:07
  • Zuletzt bearbeitet 17.06.2025 15:01:01

Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.

9.8

CVE-2022-48175

Exploit
  • EPSS 9.43%
  • Veröffentlicht 30.01.2023 23:15:11
  • Zuletzt bearbeitet 28.03.2025 15:15:42

Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.

8.8

CVE-2022-45020

Exploit
  • EPSS 0.27%
  • Veröffentlicht 05.12.2022 23:15:09
  • Zuletzt bearbeitet 24.04.2025 14:15:40

Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET req...

5.4

CVE-2022-44947

Exploit
  • EPSS 1.09%
  • Veröffentlicht 02.12.2022 20:15:14
  • Zuletzt bearbeitet 24.04.2025 14:15:39

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scrip...

5.4

CVE-2022-44944

Exploit
  • EPSS 1.09%
  • Veröffentlicht 02.12.2022 20:15:14
  • Zuletzt bearbeitet 24.04.2025 15:15:53

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts...

9.8

CVE-2022-44945

Exploit
  • EPSS 0.91%
  • Veröffentlicht 02.12.2022 20:15:14
  • Zuletzt bearbeitet 24.04.2025 14:15:39

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.