A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity".
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-28T00:00:00

Updated: 2024-08-03T13:26:02.867Z

Reserved: 2022-10-17T00:00:00

Link: CVE-2022-43166

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-10-28T17:15:27.130

Modified: 2024-11-21T07:26:00.777

Link: CVE-2022-43166

cve-icon Redhat

No data.