CVE-2026-31845 | Rukovoditel CRM up to 3.6/3.6.4 API Endpoint /api/tel/zadarma.php zd_echo cross site scripting

Inserito da Angelo Barbosa | Apr 11, 2026 | CVE

A vulnerability, which was classified as problematic, has been found in Rukovoditel CRM up to 3.6/3.6.4. This issue affects some unknown processing of the file /api/tel/zadarma.php of the component API Endpoint. The manipulation of the argument zd_echo leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-31845. The attack is possible to be carried out remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2026-31845 | Rukovoditel CRM up to 3.6/3.6.4 API Endpoint /api/tel/zadarma.php zd_echo cross site scripting

Post correlati

CVE-2024-1348 | Averta Shortcodes and Extra Features for Phlox Theme up to 2.15.5 on WordPress cross site scripting

CVE-2024-1990 | metagauss RegistrationMagic Plugin up to 5.3.1.0 on WordPress RM_Form Shortcode id sql injection

CVE-2025-62035 | Togo Plugin up to 1.0.3 on WordPress deserialization

CVE-2024-8473 | PHPGurukul Job Portal 1.0 login.php user_email cross site scripting