Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
⬤ Vulnerability Type:
Cross Site Scripting (XSS)
⬤ Affected Component:
The Rukovoditel system not validate Attachment filename!
{Add project --> Add attachment]
⬤ Attack Type: Remote
⬤ Impact Code execution: true
⬤ Attack Vectors:
The attacker could add JavaScript code to the filename.
The Javascript code runs every time a project is opened.
⬤ Referenceo:
http://rukovoditel.com https://www.rukovoditel.net
⬤ Vendor of Product:
https://www.rukovoditel.net
⬤ Suggested description:
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename..
⬤ Affected Product Code Base:
Rukovoditel Project Management app 2.6
Use CVE-2020-21732 for this vulnerability.