Rukovoditel Support Forum

To find any XSS, SQL Injection etc, please login as not admin user. I did not add any protection for admin user. Because admin can add own PHP, JS, HTML code for app.

As I said before vulnerability - if not admin user can add something like this . There is PHP code and JS code field type and ADMIN user can add any code there too. And this is not vulnerability too, because this is how app works. Admin can add own custom code for app. So to find any XSS, please log...

But you are admin and app allows you add any code. It's all your responsibility.
Vulnerability - if not admin user can add something like this.

Word to PDF is problematic. To all settings can be used in php to create PDF.
Use HTML template to generate PDF. It will be better formatted.

First update to 3.5, please. If error will be exist, I will check.

Anton, this is not vulnerability. As administrator you can add own php/js/html code for app. This is not bug or vulnerability.

Anton, this is not vulnerability. As administrator you can add own php/js/html code for app. This is not bug or vulnerability.

Go to calendar report and remove reports with empty entity.

Thank you. Will be fixed in 3.5.3

Rukovoditel Support Forum

Search found 6188 matches

Re: SQL Injection in Users Login Log

Re: Stored Cross-Site Scripting (XSS) in users_alerts

Re: Stored Cross-Site Scripting (XSS) in configuration/custom_html

Re: Export PDF

Re: Related entity - add record action can't add multiple related records

Re: Stored Cross-Site Scripting (XSS) in users_alerts

Re: Stored Cross-Site Scripting (XSS) in configuration/custom_html

Re: stored XSS (Cross-site scripting) vulnerability

Re: Data base error

Re: stored XSS (Cross-site scripting) vulnerability