CVE-2023-53897
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-27

Assigner: VulnCheck

Description
Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-27
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53897
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rukovoditel rukovoditel 3.4.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53897 is a set of multiple stored cross-site scripting (XSS) vulnerabilities in Rukovoditel version 3.4.1. Authenticated attackers can inject malicious scripts by inserting XSS payloads into project task comments or application configuration fields like the copyright text. These malicious scripts are stored and later executed in the browsers of users who view the affected pages, allowing arbitrary JavaScript execution. [2]

Impact Analysis

This vulnerability can allow attackers to execute arbitrary JavaScript in the browsers of users who view the injected content. This can lead to session hijacking, defacement of the application, theft of sensitive information, or other malicious actions that compromise user security and application integrity. [2]

Detection Guidance

This vulnerability can be detected by attempting to inject stored XSS payloads into project task comments or application configuration fields and observing if the payload executes when viewed. For example, you can test by sending a POST request with a malicious payload to the task comments endpoint or the configuration save endpoint. Suggested commands include using curl to send these POST requests: 1. To test stored XSS in task comments: curl -X POST 'http://<target>/index.php?module=items/comments&action=save&token=<token>' -d 'description=<iframe src="https://14.rs"></iframe>' 2. To test stored XSS in application configuration (requires admin): curl -X POST 'http://<target>/index.php?module=configuration/save&redirect_to=configuration/application' -F 'CFG[APP_COPYRIGHT_NAME]=<img src=x onerror=alert(1)>' Replace <target> and <token> with appropriate values. If the payload executes in the browser when viewing the affected pages, the vulnerability is present. [2]

Mitigation Strategies

Immediate mitigation steps include: 1. Restricting or monitoring user input in project task comments and configuration fields to prevent injection of malicious scripts. 2. Applying input sanitization and output encoding to all user-supplied data before storing or rendering it. 3. Limiting access privileges to trusted users, especially for configuration settings. 4. Updating Rukovoditel to a version where these vulnerabilities are fixed, if available. 5. As a temporary measure, reviewing and removing suspicious comments or configuration entries containing malicious payloads. 6. Monitoring logs and user activity for signs of exploitation attempts. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53897. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart