Summary: Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.Published: Tuesday, May 7, 2019 - 15:29cvss: