191 matches found
CVE-2023-1714
Unsafe variable extraction in bitrix/modules/main/classes/general/useroptions.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via 1 appending arbitrary content to existing PHP files or 2 PHAR deserialization...
CVE-2023-1719
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to 1 enumerate attachments on the server and 2 execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim ha...
CVE-2023-1717
Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/leftvertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege...
CVE-2023-1720
Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through...
CVE-2023-1715
A logic error when using mbstrpos to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload...
CVE-2023-1718
Improper file stream access in /desktopapp/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmpurl"...
CVE-2023-1713
Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file...
CVE-2023-1713
Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file...
Code injection
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to 1 enumerate attachments on the server and 2 execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim ha...
Design/Logic Flaw
Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through...
Code injection
Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file...
Deserialization of untrusted data
Unsafe variable extraction in bitrix/modules/main/classes/general/useroptions.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via 1 appending arbitrary content to existing PHP files or 2 PHAR deserialization...
Cross site scripting
Cross-site scripting XSS vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege...
Cross site scripting
A logic error when using mbstrpos to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload...
Input validation
Improper file stream access in /desktopapp/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmpurl"...
Code injection
Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/leftvertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege...
CVE-2023-1720 Bitrix24 Stored Cross-Site Scripting (XSS) via File Upload
Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through...
CVE-2023-1720
Affected software: Bitrix24 22.0.300. Root cause: missing mime type response header. Vulnerability: allows authenticated remote attackers to upload a crafted HTML file via /desktop_app/file.ajax.php?action=uploadfile, enabling arbitrary JavaScript in the victim’s browser and, if the victim is an ...
CVE-2023-1720 Bitrix24 Stored Cross-Site Scripting (XSS) via File Upload
Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through...
CVE-2023-1719 Bitrix24 Insecure Global Variable Extraction
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to 1 enumerate attachments on the server and 2 execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim ha...