CVE-2023-1716

Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.
References
Link Resource
https://starlabs.sg/advisories/23/23-1716/ Broken Link Exploit
https://starlabs.sg/advisories/23/23-1716/ Broken Link Exploit
Configurations

Configuration 1 (hide)

cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*

History

21 Nov 2024, 07:39

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-01 10:15

Updated : 2024-11-21 07:39


NVD link : CVE-2023-1716

Mitre link : CVE-2023-1716

CVE.ORG link : CVE-2023-1716


JSON object : View

Products Affected

bitrix24

  • bitrix24
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')