exploitDog

CVE-2023-53898

Опубликовано: 16 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers.

Ссылки

https://www.exploit-db.com/exploits/51548
Exploit
Third Party Advisory
VDB Entry
https://www.rukovoditel.net/
Product
https://www.vulncheck.com/advisories/rukovoditel-multiple-stored-cross-site-scripting-via-configuration
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rukovoditel:rukovoditel:3.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.0003

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-6598-86pr-wm97

CVSS3: 4.6

github

около 2 месяцев назад

Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers.

EPSS

Процентиль: 8%

0.0003

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79