Home

Description

Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-16 | Updated 2025-12-30 | Assigner VulnCheck




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status
unaffected

3.4.1
affected

Credits

Mirabbas Ağalarov finder

References

www.exploit-db.com/exploits/51548 (ExploitDB-51548) exploit

www.rukovoditel.net/ (Rukovoditel Product Webpage) product

www.vulncheck.com/...-cross-site-scripting-via-configuration (VulnCheck Advisory: Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Configuration) third-party-advisory

cve.org (CVE-2023-53898)

nvd.nist.gov (CVE-2023-53898)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.