CNNVD-202512-2816 Information
CNNVD ID
CNNVD-202512-2816
Related CVE
- CNNVD Published: 2025-12-16
Description (Chinese)
Rukovoditel是Rukovoditel团队的一套基于Web的开源项目管理软件。该软件具有项目管理、客户关系管理等功能。 Rukovoditel 3.4.1版本存在安全漏洞,该漏洞源于存储型跨站脚本漏洞,可能导致认证攻击者在应用程序版权文本中注入iframe和脚本。
Description (English)
Rukovoditel is a Web-based open-source project management package for the Rukovoditel team. The software has project management, customer relationship management, etc. There is a security loophole in version 3.4.1 of Rukovoditel, which originates from a storage-type cross-site script loophole that may result in the authentication attacker injecting frame and scripts into the application copyright text.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Rukovoditel
Published
2025-12-16
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/51548 https://www.rukovoditel.net/ https://www.vulncheck.com/advisories/rukovoditel-multiple-stored-cross-site-scripting-via-configuration
Patch
https://www.rukovoditel.net/download.php
Share on: