CVE-2022-44944

Name of the Vulnerable Software and Affected Versions Rukovoditel version 3.2.1

Description The issue is related to a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at "/index.php?module=help pages/pages&entities id=24". This allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.

Recommendations For Rukovoditel version 3.2.1, consider disabling the Add Announcement function at "/index.php?module=help pages/pages&entities id=24" until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the Title field to minimize the risk of arbitrary web script or HTML execution.