CNNVD-202512-2817 Information
CNNVD ID
CNNVD-202512-2817
Related CVE
- CNNVD Published: 2025-12-16
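Description (translated from Chinese)
Rukovoditel is a web-based open-source project management application developed by the Rukovoditel team. The software provides project management, customer relationship management and other functions. Rukovoditel version 3.4.1 contains a security vulnerability: a stored cross-site scripting flaw that may allow an authenticated attacker to inject malicious scripts into project task comments.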
Description (English)
Rukovoditel is a web-based open-source project management package from the Rukovoditel team. The software offers project management, customer relationship management and related features. Version 3.4.1 of Rukovoditel has a security vulnerability caused by stored cross-site scripting, which could allow an authenticated attacker to inject malicious scripts into project task comments.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Rukovoditel
Published
2025-12-16
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/51548
https://www.rukovoditel.net/
https://www.vulncheck.com/advisories/rukovoditel-multiple-stored-cross-site-scripting-via-comments
Patch
https://www.rukovoditel.net/download.php