Lucene search

STAR_LabsCVELIST:CVE-2023-1720

HistoryNov 01, 2023 - 9:04 a.m.

CVE-2023-1720 Bitrix24 Stored Cross-Site Scripting (XSS) via File Upload

2023-11-0109:04:46

CWE-434

STAR_Labs

www.cve.org

bitrix24

xss

file upload

remote attack

javascript

php code

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

38.4%

JSON

Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Bitrix24",
    "programFiles": [
      "file:desktop_app/file.ajax.php"
    ],
    "vendor": "Bitrix24",
    "versions": [
      {
        "lessThanOrEqual": "22.0.300",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

starlabs.sg/advisories/23/23-1720/

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

38.4%

JSON

Related for CVELIST:CVE-2023-1720