Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.
References
Link | Resource |
---|---|
https://starlabs.sg/advisories/23/23-1716/ | Broken Link Exploit |
https://starlabs.sg/advisories/23/23-1716/ | Broken Link Exploit |
Configurations
History
21 Nov 2024, 07:39
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-01 10:15
Updated : 2024-11-21 07:39
NVD link : CVE-2023-1716
Mitre link : CVE-2023-1716
CVE.ORG link : CVE-2023-1716
JSON object : View
Products Affected
bitrix24
- bitrix24
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')