A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src="http://1"; on onerror="$(’p').text(’Hacked’)" /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2017/Feb/3 | Exploit Mailing List Third Party Advisory |
https://vuldb.com/?id.96643 | Third Party Advisory |
http://seclists.org/fulldisclosure/2017/Feb/3 | Exploit Mailing List Third Party Advisory |
https://vuldb.com/?id.96643 | Third Party Advisory |
Configurations
History
21 Nov 2024, 03:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 3.5 |
References | () http://seclists.org/fulldisclosure/2017/Feb/3 - Exploit, Mailing List, Third Party Advisory | |
References | () https://vuldb.com/?id.96643 - Third Party Advisory |
09 Jul 2022, 00:20
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
References | (N/A) https://vuldb.com/?id.96643 - Third Party Advisory | |
References | (N/A) http://seclists.org/fulldisclosure/2017/Feb/3 - Exploit, Mailing List, Third Party Advisory | |
CWE | CWE-79 | |
CPE | cpe:2.3:a:bitrix24:bitrix_site_manager:12.06.2015:*:*:*:*:*:*:* |
30 Jun 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-30 05:15
Updated : 2024-11-21 03:22
NVD link : CVE-2017-20122
Mitre link : CVE-2017-20122
CVE.ORG link : CVE-2017-20122
JSON object : View
Products Affected
bitrix24
- bitrix_site_manager