CVE-2022-44951

Name of the Vulnerable Software and Affected Versions Rukovoditel version 3.2.1

Description The issue is related to a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at "/index.php?module=entities/forms&entities id=24". This allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

Recommendations For Rukovoditel version 3.2.1, consider disabling the Add New Form tab function at "/index.php?module=entities/forms&entities id=24" until a patch is available. Restrict access to the Name field in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.