PT-2020-15385 · Rukovoditel · Rukovoditel Project Management App
Gr3Gpr1Est · Published 2020-09-14 · Updated 2024-02-14 · CVE-2020-21732
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Rukovoditel Project Management app version 2.6
Description
The issue allows an attacker to add JavaScript code to the filename, potentially leading to Cross-Site Scripting (XSS) attacks.
Recommendations
For version 2.6, update to a newer version that contains a fix for this issue. As a temporary workaround, consider validating and sanitizing all filenames to prevent the injection of malicious JavaScript code.
Exploit · Fix · XSS
Affected Products
Rukovoditel Project Management App