CVE-2020-35986

MEDIUM NUCLEI

Rukovoditel - XSS

Title source: rule

Description

A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.

Nuclei Templates (1)

Rukovoditel <= 2.7.2 - Cross Site Scripting

MEDIUMVERIFIEDby r3Y3r53

Shodan: http.favicon.hash:-1499940355

FOFA: icon_hash=-1499940355

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/r0ck3t1973/rukovoditel/issues/2

Scores

CVSS v3 5.4

EPSS 0.0366

EPSS Percentile 87.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

rukovoditel/rukovoditel 2.7.2

Published Jul 09, 2021

Tracked Since Feb 18, 2026