Description
Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.
References
- Broken Link, Exploit
- Broken Link, Exploit
Vulnerable configurations
EPSS
CVSS3: 9 Critical
CVSS3: 9.6 Critical
Defects
Related vulnerabilities
A vulnerability in the Invoice Edit Page of the Bitrix24 business management service that allows an attacker to conduct a cross-site scripting (XSS) attack