Описание
Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting __proto__[tag] and __proto__[text].
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
9.6 Critical
CVSS3
Дефекты
Связанные уязвимости
Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting `__proto__[tag]` and `__proto__[text]`.
Уязвимость компонента bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js модуля main сервиса для управления бизнесом Битрикс24, позволяющая нарушителю выполнить произвольный JavaScript-код
EPSS
9.6 Critical
CVSS3