rukovoditel

Top products

The 15 most recently published vulnerabilities affecting rukovoditel.

• CVE-2026-31845A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly refle...9.3Apr 11, 2026
• CVE-2023-53913Rukovoditel 3.3.1 CSV Injection via User Account Export8.8Dec 17, 2025
• CVE-2023-53898Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Configuration5.4Dec 16, 2025
• CVE-2023-53897Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Comments5.4Dec 16, 2025
• CVE-2024-34469Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.7.1May 4, 2024
• CVE-2024-34468Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.6.1May 4, 2024
• CVE-2022-48175Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.9.8Jan 30, 2023
• CVE-2022-45020Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to ...8.8Dec 5, 2022
• CVE-2022-44952Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitra...5.4Dec 2, 2022
• CVE-2022-44951Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerabilit...5.4Dec 2, 2022
• CVE-2022-44950Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability ...5.4Dec 2, 2022
• CVE-2022-44949Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability ...5.4Dec 2, 2022
• CVE-2022-44948Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows ...5.4Dec 2, 2022
• CVE-2022-44947Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerab...5.4Dec 2, 2022
• CVE-2022-44946Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allo...5.4Dec 2, 2022