CVE-2020-21732

⬤ Vulnerability Type:
Cross Site Scripting (XSS)

⬤ Affected Component:
The Rukovoditel system not validate Attachment filename! 
{Add project --> Add attachment]

⬤ Attack Type: Remote

⬤ Impact Code execution: true

⬤ Attack Vectors: 
The attacker could add JavaScript code to the filename. 
The Javascript code runs every time a project is opened.

⬤ Referenceo:
http://rukovoditel.com https://www.rukovoditel.net

⬤ Vendor of Product:
https://www.rukovoditel.net

⬤ Suggested description: 
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename..


⬤ Affected Product Code Base: 
Rukovoditel Project Management app 2.6
 
Use CVE-2020-21732 for this vulnerability.