CVE-2023-53897

MEDIUM

5.4

Description

Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers.

Details CVE

Score CVSS v3.15.4

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurREQUIRED

Publie12/16/2025

Derniere modification12/27/2025

Sourcenvd

Observations honeypot0

Produits affectes

rukovoditel:rukovoditel

Faiblesses (CWE)

CWE-79

References

https://www.exploit-db.com/exploits/51548(disclosure@vulncheck.com)

https://www.rukovoditel.net/(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/rukovoditel-multiple-stored-cross-site-scripting-via-comments(disclosure@vulncheck.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.