CVE-2022-44946

Name of the Vulnerable Software and Affected Versions Rukovoditel version 3.2.1

Description The issue is related to a stored cross-site scripting (XSS) vulnerability in the Add Page function at "/index.php?module=help pages/pages&entities id=24". This allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.

Recommendations For Rukovoditel version 3.2.1, consider disabling the Add Page function at "/index.php?module=help pages/pages&entities id=24" until a patch is available. Restrict access to the Title field in the Add Page function to minimize the risk of exploitation. Avoid using the Title field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.