
CVE-2022-43170: n/a in n/a

Severity: Medium
Published: Fri Oct 28 2022 (10/28/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block".

AI-Powered Analysis

Last updated: 07/05/2025, 13:40:00 UTC

Technical Analysis

CVE-2022-43170 is a stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature of Rukovoditel version 3.2.1. The flaw lies in the index.php?module=dashboard_configure/index endpoint: an authenticated attacker can inject arbitrary web script or HTML into the Title parameter when using the "Add info block" functionality. The payload is stored and later rendered by the application, so the script executes in the browsers of other users who view the affected dashboard. The weakness is classified as CWE-79, improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4 (medium severity); the vector indicates a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), user interaction required (UI:R), changed scope (S:C), and low impact on confidentiality and integrity (C:L/I:L) with no impact on availability (A:N). No known exploits are reported in the wild, and no official patch or vendor statement is provided in the data. Because exploitation requires an authenticated account and a user who interacts with the stored payload, the risk is limited but not eliminated. Stored XSS can lead to session hijacking, privilege escalation, or further exploitation depending on the victim's privileges and the application's context.

Potential Impact

For European organizations using Rukovoditel 3.2.1, this vulnerability poses a moderate risk. Since Rukovoditel is a web-based project management and CRM tool, exploitation could allow attackers to execute malicious scripts within the context of authenticated users, potentially leading to theft of session tokens, unauthorized actions, or data leakage. The impact on confidentiality and integrity is limited but non-negligible, especially if sensitive business data or user credentials are exposed. The requirement for authentication and user interaction reduces the likelihood of widespread automated exploitation but does not prevent targeted attacks, particularly insider threats or phishing campaigns aimed at employees. Organizations in Europe with compliance obligations such as GDPR must consider the risk of personal data exposure through such vulnerabilities, which could lead to regulatory penalties and reputational damage. Additionally, the scope change in the CVSS vector indicates that the vulnerability could affect resources beyond the initially vulnerable component, increasing potential impact.

Mitigation Recommendations

European organizations should take the following specific steps to mitigate this vulnerability:

1) Immediately review and restrict access to the Dashboard Configuration feature to trusted and necessary users only, minimizing the attack surface.
2) Implement strict input validation and output encoding on the Title parameter and any other user-supplied data in the dashboard configuration to neutralize malicious scripts.
3) Monitor and audit dashboard configuration changes for suspicious or unauthorized entries that may contain malicious payloads.
4) Educate users about the risks of interacting with untrusted content and implement security awareness training focused on phishing and social engineering, as user interaction is required for exploitation.
5) If possible, upgrade to a patched version of Rukovoditel once available, or apply custom patches to sanitize inputs.
6) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the web application context.
7) Use web application firewalls (WAFs) with rules designed to detect and block XSS payloads targeting the application.
8) Regularly back up configuration data and maintain incident response plans to quickly remediate any exploitation attempts.
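The following PHP is an added example written for this page; it is not Rukovoditel's code and does not reflect how the project actually renders info-block titles. It contrasts the unsafe pattern (echoing a stored title straight into HTML) with output encoding at render time, adds a plain-text input check as defence in depth, shows an audit pass over stored titles for step 3, and builds a CSP header for step 6. All function names, the row layout, and the sample titles are hypothetical or constructed.

```php
<?php
// Added example, not Rukovoditel's own code. Function names, the $rows layout
// and the sample titles are hypothetical/constructed for illustration.
declare(strict_types=1);

// Vulnerable pattern: a stored title is concatenated into the page unencoded,
// so any markup saved via "Add info block" is rendered as live HTML.
function render_title_unsafe(string $title): string
{
    return '<h3 class="info-block-title">' . $title . '</h3>';
}

// Hardened pattern: encode at the point of output for the HTML context.
// ENT_QUOTES also encodes the single quote, so the same value is safe
// inside quoted attributes, not only in element text.
function render_title_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<h3 class="info-block-title">' . $encoded . '</h3>';
}

// Defence in depth on input: a dashboard title is plain text, so reject
// markup characters outright instead of trying to "clean" them.
// Output encoding stays mandatory; this only narrows what gets stored.
function validate_title(string $title): bool
{
    $title = trim($title);
    if ($title === '' || mb_strlen($title, 'UTF-8') > 120) {
        return false;
    }
    return preg_match('/[<>"\']/u', $title) !== 1;
}

// Audit helper (mitigation step 3): flag already-stored titles that look like
// markup or script. A heuristic for review, not a blocklist, so expect to
// triage the hits by hand.
function audit_titles(array $rows): array
{
    $flagged = [];
    foreach ($rows as $row) {
        $pattern = '/<\s*\/?\s*[a-z]|javascript\s*:|\bon[a-z]+\s*=/i';
        if (preg_match($pattern, $row['title']) === 1) {
            $flagged[] = $row['id'];
        }
    }
    return $flagged;
}

// CSP header (mitigation step 6). Assumption: the deployment serves its own
// scripts from the same origin and uses no inline <script>; verify that
// before enabling, or legitimate pages will break.
function csp_header(): string
{
    return "Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'self'; frame-ancestors 'self'";
}

// Constructed sample rows standing in for stored dashboard info blocks.
$rows = [
    ['id' => 1, 'title' => 'Open tasks'],
    ['id' => 2, 'title' => 'Q3 pipeline & forecast'],
    ['id' => 3, 'title' => '<b>Sales</b> <script>x()</script>'],  // constructed hostile value
    ['id' => 4, 'title' => 'Link: javascript:void(0)'],           // constructed hostile value
];

foreach ($rows as $row) {
    // Safe rendering turns the markup in row 3 into visible, inert text.
    echo render_title_safe($row['title']), PHP_EOL;
}
echo 'Flagged for review: ', implode(', ', audit_titles($rows)), PHP_EOL; // 3, 4
echo 'Row 3 accepted by validation: ',
     var_export(validate_title($rows[2]['title']), true), PHP_EOL;        // false
if (PHP_SAPI !== 'cli') {
    header(csp_header());
}
```

The two render functions differ only in the htmlspecialchars call, which is the whole fix for this class of bug: encoding belongs at output, in the context the value lands in, and validation on input is a second layer rather than a substitute. The audit regex is deliberately loose so that a one-off review of the stored configuration catches obvious markup; tighten or replace it with the application's own logging once the stored data has been cleaned.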


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-10-17T00:00:00.000Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d981ac4522896dcbd9816

Added to database: 5/21/2025, 9:08:42 AM

Last enriched: 7/5/2025, 1:40:00 PM

Last updated: 7/29/2025, 2:03:15 AM

Views: 12
