XSS vulnerability in Rukovoditel before 3.5.3 allows attackers to exploit user_photo to index.php?module=users/registration&action=save
CVE-2024-34469
Currently unrated
What is CVE-2024-34469?
A cross-site scripting vulnerability has been identified in Rukovoditel prior to version 3.5.3. This flaw allows attackers to inject malicious scripts via the user_photo parameter during the user registration process. Exploiting this vulnerability can lead to unauthorized actions on behalf of users, compromise sensitive information, and potentially redirect users to malicious sites. Organizations utilizing Rukovoditel should prioritize upgrading to the latest version to mitigate this security risk.

Timeline
- Public PoC available
- Exploit known to exist
Vulnerability published
Vulnerability Reserved
