CVE-2022-45020

Name of the Vulnerable Software and Affected Versions Rukovoditel version 3.2.1

Description A DOM-based cross-site scripting (XSS) issue was found in the /rukovoditel/index.php?module=users/login component. This allows attackers to cause a Denial of Service (DoS) by sending a crafted GET request.

Recommendations For Rukovoditel version 3.2.1, consider restricting access to the /rukovoditel/index.php?module=users/login endpoint until a patch is available. As a temporary workaround, avoid using this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.