CVE-2022-43185

Name of the Vulnerable Software and Affected Versions Rukovoditel version 3.2.1

Description A stored cross-site scripting (XSS) issue in the Configuration/Holidays module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. This can be exploited by a remote attacker to conduct a cross-site scripting attack.

Recommendations For Rukovoditel version 3.2.1, consider disabling the Configuration/Holidays module until a patch is available to prevent exploitation of the stored XSS vulnerability. Avoid using the Name parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.