CVE-2023-53897
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-27
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rukovoditel | rukovoditel | 3.4.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53897 is a set of multiple stored cross-site scripting (XSS) vulnerabilities in Rukovoditel version 3.4.1. Authenticated attackers can inject malicious scripts by inserting XSS payloads into project task comments or application configuration fields like the copyright text. These malicious scripts are stored and later executed in the browsers of users who view the affected pages, allowing arbitrary JavaScript execution. [2]
How can this vulnerability impact me?
This vulnerability can allow attackers to execute arbitrary JavaScript in the browsers of users who view the injected content. This can lead to session hijacking, defacement of the application, theft of sensitive information, or other malicious actions that compromise user security and application integrity. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to inject stored XSS payloads into project task comments or application configuration fields and observing whether the payload executes when viewed. For example, you can test by sending a POST request with a malicious payload to the task comments endpoint or the configuration save endpoint. Suggested commands using curl to send these POST requests:

1. To test stored XSS in task comments:
   `curl -X POST 'http://<target>/index.php?module=items/comments&action=save&token=<token>' -d 'description=<iframe src="https://14.rs"></iframe>'`
2. To test stored XSS in application configuration (requires admin):
   `curl -X POST 'http://<target>/index.php?module=configuration/save&redirect_to=configuration/application' -F 'CFG[APP_COPYRIGHT_NAME]=<img src=x onerror=alert(1)>'`

Replace `<target>` and `<token>` with appropriate values. If the payload executes in the browser when viewing the affected pages, the vulnerability is present. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1. Restricting or monitoring user input in project task comments and configuration fields to prevent injection of malicious scripts.
2. Applying input sanitization and output encoding to all user-supplied data before storing or rendering it.
3. Limiting access privileges to trusted users, especially for configuration settings.
4. Updating Rukovoditel to a version where these vulnerabilities are fixed, if available.
5. As a temporary measure, reviewing and removing suspicious comments or configuration entries containing malicious payloads.
6. Monitoring logs and user activity for signs of exploitation attempts. [2]
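Steps 2 and 5 above, as an added example that is neither Rukovoditel's nor BaseFortify's code: a review pass over stored task comments and configuration values that flags script-bearing HTML, next to the output-encoded form that neutralizes the same values when rendered. The entry shape (a list of `location`/`value` dicts) and the sample data are assumptions constructed for the example.

```python
# Added example (not Rukovoditel's or BaseFortify's code). Reviews stored field values
# for active HTML content and shows output encoding; entry shape is an assumption.
import html
from html.parser import HTMLParser

# Tags that execute or load active content; on* attributes are event handlers.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}


class _ActiveContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"handler:{tag}@{name}")
            elif name in ("src", "href") and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript-url:{tag}@{name}")


def find_active_content(value: str) -> list:
    """Return findings for one stored field value ([] when nothing is flagged)."""
    parser = _ActiveContentFinder()
    parser.feed(value)
    parser.close()
    return parser.findings


def review_entries(entries: list) -> list:
    """entries: [{'location': str, 'value': str}]; returns the flagged ones with findings."""
    return [{"location": e["location"], "findings": f}
            for e in entries if (f := find_active_content(e["value"]))]


def safe_render(value: str) -> str:
    """Output-encode a stored value for an HTML body/attribute context (step 2)."""
    return html.escape(value, quote=True)


# Constructed sample data mirroring the two injection points the advisory names.
SAMPLE_ENTRIES = [
    {"location": "items/comments#12", "value": "Looks good, merging tomorrow."},
    {"location": "items/comments#13", "value": '<iframe src="https://example.invalid"></iframe>'},
    {"location": "CFG[APP_COPYRIGHT_NAME]", "value": "<img src=x onerror=alert(1)>"},
]

if __name__ == "__main__":
    for hit in review_entries(SAMPLE_ENTRIES):
        print(hit)
    print(safe_render(SAMPLE_ENTRIES[2]["value"]))
```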