Vulners
Lucene search
Bitrix Site Manager Cross Site Scripting
`Hello list!
There is Cross-Site Scripting vulnerability in Bitrix Site Manager.
-------------------------
Affected products:
-------------------------
Vulnerable was the last version of Bitrix Site Manager at 12.06.2015, when I
found this vulnerability on web site of Russian terrorists. At that time I
wrote at Facebook about hack by Ukrainian Cyber Forces of that site
http://on.fb.me/1H05ccm and published results of our work with it.
You can read about work of Ukrainian Cyber Forces
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2017-January/010833.html).
----------
Details:
----------
Cross-Site Scripting (WASC-08):
This is persistent XSS in field "text" in contact form (captcha protected):
<img src="http://1" on onerror="$(p').text(Hacked)" />
At 31.12.2016 I disclosed it at my site (http://websecurity.com.ua/7826/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Feb 2017 00:00Current
7.4High risk
Vulners AI Score7.4