
191 matches found

CNNVD
added 2023/11/01 12:00 a.m. · 4 views

Bitrix24 Security Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). A security vulnerability exists in Bitrix24 version 22.0.300, which originates from a security hole in the...

CVSS 8.8 · AI score 7.6 · EPSS 0.01399
Exploits: 1 · References: 2

CNNVD
added 2023/11/01 12:00 a.m. · 2 views

Bitrix24 Security Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). A security vulnerability exists in Bitrix24 version 22.0.300, which originates from a security hole in the...

CVSS 9.8 · AI score 7.2 · EPSS 0.04973
Exploits: 1 · References: 2

Positive Technologies
added 2023/11/01 12:00 a.m. · 2 views

PT-2023-6689 · Bitrix +1 · Bitrix24 +1

Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300
Description: The issue in Bitrix24 is related to global variable extraction in the bitrix/modules/main/tools.php component, allowing unauthenticated remote attackers to enumerate attachments on the server and execute...

CVSS 9.8 · AI score 9.6 · EPSS 0.04973
Exploits: 1 · References: 17

CNNVD
added 2023/11/01 12:00 a.m. · 2 views

Bitrix24 Security Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). A security vulnerability exists in Bitrix24 version 22.0.300, which stems from a file upload vulnerability...

CVSS 8.8 · AI score 7.7 · EPSS 0.01231
Exploits: 1 · References: 2

CNNVD
added 2023/11/01 12:00 a.m. · 2 views

Bitrix24 Security Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). A security vulnerability exists in Bitrix24 version 22.0.300, which stems from a prototype contamination...

CVSS 9.6 · AI score 7.3 · EPSS 0.0105
Exploits: 1 · References: 2

CNNVD
added 2023/11/01 12:00 a.m. · 3 views

Bitrix24 Security Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). A security vulnerability exists in Bitrix24 version 22.0.300, which stems from incorrect access to the fil...

CVSS 7.5 · AI score 6.6 · EPSS 0.24078
Exploits: 1 · References: 2

CNNVD
added 2023/11/01 12:00 a.m. · 2 views

Bitrix24 Security Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). A security vulnerability exists in Bitrix24 version 22.0.300, which stems from a missing response header o...

CVSS 9.6 · AI score 7.3 · EPSS 0.0085
Exploits: 1 · References: 2

Positive Technologies
added 2023/11/01 12:00 a.m. · 4 views

PT-2023-6688 · Bitrix · Bitrix24

Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300
Description: The issue is related to the lack of a MIME type response header in Bitrix24, which allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser. If the victim has...

CVSS 10 · AI score 7.8 · EPSS 0.0085
Exploits: 1 · References: 11

Positive Technologies
added 2023/11/01 12:00 a.m. · 3 views

PT-2023-6693 · Bitrix +1 · Bitrix24 +1

Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300
Description: A logic error in the mb_strpos function allows attackers to bypass XSS sanitization by placing HTML tags at the beginning of the payload, potentially leading to a cross-site scripting (XSS) attack. This...

CVSS 9 · AI score 5.3 · EPSS 0.00594
Exploits: 1 · References: 13

CNNVD
added 2023/11/01 12:00 a.m. · 2 views

Bitrix24 Cross-Site Scripting Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management, and CRM (Customer Relationship Management). A security vulnerability exists in Bitrix24 version 22.0.300, which stems from a cross-site scripting (XSS)...

CVSS 9.6 · AI score 6.1 · EPSS 0.00715
Exploits: 1 · References: 2

CNNVD
added 2023/11/01 12:00 a.m. · 2 views

Bitrix24 Cross-Site Scripting Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). A security vulnerability exists in Bitrix24 version 22.0.300, which stems from a cross-site scripting (XSS)...

CVSS 9 · AI score 5.4 · EPSS 0.00594
Exploits: 1 · References: 2

Positive Technologies
added 2023/11/01 12:00 a.m. · 6 views

PT-2023-6694

Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300
Description: An issue exists in the bitrix/modules/crm/lib/order/import/instagram.php component of Bitrix24 that allows remote authenticated attackers to execute arbitrary code. This is due to insecure temporary file...

CVSS 9 · AI score 8.9 · EPSS 0.01231
Exploits: 1 · References: 17

Positive Technologies
added 2023/11/01 12:00 a.m. · 6 views

PT-2023-6690

Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300
Description: The software contains an improper file stream access issue in the /desktop_app/file.ajax.php?action=uploadfile endpoint. This allows unauthenticated remote attackers to cause a denial-of-service condition ...

CVSS 7.8 · AI score 7.6 · EPSS 0.24078
Exploits: 1 · References: 17

Positive Technologies
added 2023/11/01 12:00 a.m. · 5 views

PT-2023-6692 · Bitrix +1 · Bitrix24 +1

Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300
Description: A cross-site scripting (XSS) issue in the Invoice Edit Page of Bitrix24 allows attackers to execute arbitrary JavaScript code in the victim's browser. If the victim has administrator privileges, it is also...

CVSS 9.6 · AI score 8.6 · EPSS 0.00715
Exploits: 1 · References: 10

Positive Technologies
added 2023/11/01 12:00 a.m. · 3 views

PT-2023-6691 · Bitrix +1 · Bitrix24 +1

Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300
Description: The issue is related to prototype pollution in the bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js component of Bitrix24. This allows remote attackers to execute arbitrary...

CVSS 10 · AI score 9.3 · EPSS 0.0105
Exploits: 1 · References: 14

BDU FSTEC
added 2023/03/28 12:00 a.m. · 4 views

The vulnerability of the AD/LDAP service used for business management in Bitrix24 allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the AD/LDAP service for BizTalk24 management involves insufficient protection of registration data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by executing the script /bitrix/admin/ldapserveredit.php...

CVSS 4.9 · AI score 5.6 · EPSS 0.01013
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2023/01/20 3:15 p.m. · 4 views

CVE-2022-43959

Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldapserveredit.php...

CVSS 4.9 · AI score 5.9 · EPSS 0.01013
Exploits: 1 · References: 3

NVD
added 2023/01/20 3:15 p.m. · 18 views

CVE-2022-43959

Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldapserveredit.php...

CVSS 4.9 · AI score 5.4 · EPSS 0.01013
Exploits: 1 · References: 3

Cvelist
added 2023/01/20 12:00 a.m. · 20 views

CVE-2022-43959

Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldapserveredit.php...

AI score 5.7 · EPSS 0.01013
Exploits: 1 · References: 3

Vulnrichment
added 2023/01/20 12:00 a.m. · 7 views

CVE-2022-43959

Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldapserveredit.php...

AI score 7.6 · EPSS 0.01013
Exploits: 1 · References: 3