Total vulnerabilities in the database
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
CVSS v3:
CVSS v2:
CWEs:
OWASP TOP 10: