exploitDog

GHSA-cf67-p397-fq9j

Опубликовано: 01 нояб. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9

Описание

Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.

Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.

Ссылки

EPSS

Процентиль: 69%

0.00606

Низкий

9 Critical

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-1716

CVSS3: 9

nvd

больше 2 лет назад

Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.

BDU:2023-07462

CVSS3: 9

fstec

больше 2 лет назад

Уязвимость страницы редактирования (Invoice Edit Page) сервиса для управления бизнесом Битрикс24, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

EPSS

Процентиль: 69%

0.00606

Низкий

9 Critical

CVSS3

CVE ID

Дефекты

CWE-79