exploitDog

CVE-2023-53897

Опубликовано: 16 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers.

Ссылки

https://www.exploit-db.com/exploits/51548
Exploit
Third Party Advisory
VDB Entry
https://www.rukovoditel.net/
Product
https://www.vulncheck.com/advisories/rukovoditel-multiple-stored-cross-site-scripting-via-comments
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rukovoditel:rukovoditel:3.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.0003

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-w8hg-xmw6-8fvg

CVSS3: 4.6

github

около 2 месяцев назад

Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers.

EPSS

Процентиль: 8%

0.0003

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79