CVE-2019-7541 Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. Source: NIST CVE-2019-7541 May 7, 2019 by admin Uncategorized