CVE-2020-35986

Name of the Vulnerable Software and Affected Versions: Rukovoditel version 2.7.2

Description: A stored cross site scripting (XSS) issue in the 'Users Access Groups' feature allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name parameter.

Recommendations: For Rukovoditel version 2.7.2, consider restricting access to the 'Users Access Groups' feature until a patch is available, and avoid using the Name parameter in this feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.