PT-2020-12862 · Rukovoditel · Rukovoditel

Published

2020-04-16

Updated

2020-04-23

CVE-2020-11813

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Rukovoditel version 2.5.2

Description The issue is related to a stored XSS vulnerability on the configuration page, specifically via the copyright text input. This allows an attacker to inject a malicious script, potentially leading to the theft of valuable user data. The vulnerability is particularly dangerous because the copyright text is displayed on every page.

Recommendations For Rukovoditel version 2.5.2, consider removing or restricting the ability to input custom copyright text on the configuration page until a fix is available. As a temporary workaround, restrict access to the configuration page to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-11813

Affected Products

Rukovoditel

PT-2020-12862 · Rukovoditel · Rukovoditel

CVE-2020-11813

Weakness Enumeration

Related Identifiers

Affected Products

References · 3